23542300x800000000000000031776Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:18.893{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=209378FD58852CBF9485D2FFB83795BC,SHA256=DBA7E3F247DACC9B30819F1AF42F0F978D8D4FC6ACB49DA363EE1980E505B969,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071824Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.376{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E5B7015AE1E2045BCE55289094E2BFB,SHA256=DBA88713678B785E84A2A8E002601C80CE16B116027D34680CC4097C54178E6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071823Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.160{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=11B16D92F360FF8DBB6463B989C9499C,SHA256=4821E28EE09ACC63FEEDA72064390C4747FC97999FFDD204EC8008CBA0024EFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071822Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=32E1D7CD54A93C827B225C2E010CF835,SHA256=DC6D087AE4598A98A2DEC25BFCE96018CE53C7996610D881AAE5814C9D627481,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071821Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=FC74E6DB6527EADF16A76C3117B58433,SHA256=D1719D1CE960607776A9EFA45AD918670B55B087FC31F963C3301991B8749853,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071820Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=A1F375806E5F94786AC01D63669FE518,SHA256=6C1FA56BBD774878379D365BECC88A356BA2FD35AEED6003D23D398E90A29E0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071819Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=B887A7E94D4385D5EF2190F61234896E,SHA256=BE8F8DC7FC0CAFDBC60AAFBE15984F05F3023F7085662D89053580F11834EF16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071818Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=E1FF56872FD69D8145853F299BD91C08,SHA256=ADDFF57FE000D14EB33E9BFAFAFE2943DEE54638350A533E9741B73D43C55420,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071817Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=7C96E76095353630BCE04450C12F9A04,SHA256=1601F45DA83F6D7992B945C7450858F6FF48E0617F1B24AD3784C39BE1DB1E99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071816Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5F81D05A0E462D3B71A057FB87C65481,SHA256=24D1132DB17ABDEB23AF2130C903B2278F26C2F22DC59FFBD5CD787CF5823539,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071815Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=015175BF0AE0DC9928A73FC9C18EFE65,SHA256=6A0DC09CAB70E27100624F72A61AB82B3592957F5715938FCFA4A29D95FDCA51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071814Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=7D38FE4A426B89D3F2E9485B51CBD2EC,SHA256=C43AEC6288C65D416C1F1355FFE278A5D41866C1F8C43BC2E4A325E1F68B064B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071813Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:18.144{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=B643405C2B0B8BD6610DA163B7480572,SHA256=F323F73E559AB0B9304BE800737EDA60EDC2FF901E8BAF63454D6F568EB49398,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031777Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:19.893{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA4D5379ECABD5C61AC61B89E59899C9,SHA256=109EA1119B2CDF3BA89ED9AA32D3D6AEFA09332B5FEC2F0BD0FF907FA319EE2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071825Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:19.376{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCBCE2304A3F309E1C188DF9DB0A4D7F,SHA256=888B269C9E519EE60E6151F34DCBE36F1398042852A826AF436FA50D0913658A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031778Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:20.908{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7BBEBDEBF21D7FB49E55834C75922CF,SHA256=4D88F975668813CD50080E7DB759750F7B1D8C040D709EEE03478657F87A7880,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071826Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:20.391{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D656CE3D849AAF93F108BCC81C7B64CB,SHA256=37D7A774015C1863CBEEA0095E258E7E12325F766B973EDF8C9A5CAC20FD02A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031779Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:21.924{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=978CEB5BDBF8E0FC84F385BD9ABE9759,SHA256=CC314163E20474D751CB797F39CDA3F4899A386CD2D1A9D712EFEE8F31A53F47,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000071830Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:21.946{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071829Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:21.660{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071828Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:21.591{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000071827Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:21.407{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5EC2A3F483376AFEEA98B41F4244A842,SHA256=873C92EEEB39B15A1A42BC0326EC83E2C59DE2976D3E34E74DAC523324E68299,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031780Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:22.940{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DD3F29CC644DE9EBF337A489F855C95,SHA256=3D859D7F84FCD3E749E92E2011900179A40F5AB061B884A353D5664F8EA6F697,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071833Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:22.990{8057F119-08A1-60EC-1100-00000000DB01}108NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=AC11FDE6EA005B43532EDC616FD59B3A,SHA256=191A96BE796F1CD703CBF4D428293E7A7F8538069CEE694E6D3696D83A2CCDC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071832Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:22.426{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F696CFC7F9E70CE86CE79E10B26930A,SHA256=3994E9FAFA20308E551E3578E1FF5244503D210FC862EFB99F4030E4076D6ACB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000071831Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:22.375{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000031796Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.955{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DA15A1F01B6E67D423A16F2B93FC269,SHA256=13D621DA9BD91E839E5712E5D201D41E9610A6965917BFFAD53CC54C59E35EEB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000071839Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:23.861{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071838Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:23.528{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071837Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:23.442{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000071836Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:23.442{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DD12CD2FA81FBE09EA8D34A6E5D9DD0,SHA256=7B555AB1B7D3CF473DA544A46D2F54A48BDC1D1F59B2F08C3219D4F011B39A14,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031795Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F13-60EC-1A05-00000000DC01}792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031794Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031793Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031792Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031791Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031790Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031789Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031788Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031787Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031786Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031785Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-2F13-60EC-1A05-00000000DC01}792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031784Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.565{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F13-60EC-1A05-00000000DC01}792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031783Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.566{50946567-2F13-60EC-1A05-00000000DC01}792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031782Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:23.361{50946567-0A81-60EC-1100-00000000DC01}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=B56470119A3A90506EF556F855A7F787,SHA256=207D389DED0EADDE9461D0D40D119ABCF3DDCD3BC1FAF9BC1D1C392A95EEB4E2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031781Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:20.388{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51546-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000071835Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:23.358{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000071834Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:21.295{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63275-false10.0.1.12-8000- 23542300x800000000000000031827Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.986{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DBBD611F07E0E95A397A639085616CA,SHA256=E03FA98E937CFF940D726BDA76571532DF9BA5788AFA1FBA72CDF3756017724E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071841Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:24.991{8057F119-08AE-60EC-2D00-00000000DB01}3004NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071840Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:24.445{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A672DC045C8E80005FCD23CF38E353E3,SHA256=9A95871D249E19954B9CE70AAC2D10EFDCF7BE4CB2E532C54F2946A3612F11CF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031826Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.830{50946567-2F14-60EC-1C05-00000000DC01}26003616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031825Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F14-60EC-1C05-00000000DC01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031824Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031823Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031822Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031821Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031820Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031819Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031818Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031817Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031816Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031815Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-2F14-60EC-1C05-00000000DC01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031814Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.643{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F14-60EC-1C05-00000000DC01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031813Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.644{50946567-2F14-60EC-1C05-00000000DC01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031812Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.580{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9414F83788BF748BE35C812B101FBCA6,SHA256=D2FA9FDBEBB436735F917B74E4E07D0F9D19926C71D9F67C0CC81C9C770104E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031811Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.580{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6ABC32092F12489342D957DC4CF8D806,SHA256=8652ED217877CFB4BA9BAC485F1163CB7940DA57FA2360F407B0DA3BC9A7A199,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031810Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.377{50946567-2F14-60EC-1B05-00000000DC01}19243296C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031809Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F14-60EC-1B05-00000000DC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031808Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031807Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031806Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031805Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031804Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031803Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031802Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031801Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031800Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-2F14-60EC-1B05-00000000DC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031799Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031798Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.143{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F14-60EC-1B05-00000000DC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031797Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:24.144{50946567-2F14-60EC-1B05-00000000DC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000071843Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:25.475{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E994F90F558C9ABA8D9CE05B215BC33,SHA256=F2C9DB7487A6DA1772EF519B7C126F2EF5E1965B184FC9B969351B8A1D979A41,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031855Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F15-60EC-1E05-00000000DC01}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031854Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031853Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031852Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031851Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031850Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031849Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031848Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031847Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031846Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031845Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0A80-60EC-0500-00000000DC01}4161044C:\Windows\system32\csrss.exe{50946567-2F15-60EC-1E05-00000000DC01}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031844Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F15-60EC-1E05-00000000DC01}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031843Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.971{50946567-2F15-60EC-1E05-00000000DC01}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031842Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.799{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9414F83788BF748BE35C812B101FBCA6,SHA256=D2FA9FDBEBB436735F917B74E4E07D0F9D19926C71D9F67C0CC81C9C770104E9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031841Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.486{50946567-2F15-60EC-1D05-00000000DC01}14521128C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031840Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F15-60EC-1D05-00000000DC01}1452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031839Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031838Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031837Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031836Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031835Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031834Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031833Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031832Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031831Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031830Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-2F15-60EC-1D05-00000000DC01}1452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031829Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F15-60EC-1D05-00000000DC01}1452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031828Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:25.315{50946567-2F15-60EC-1D05-00000000DC01}1452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000071842Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:25.191{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000071844Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:26.490{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82AFDB3EAAA4410321683ADADC8877B5,SHA256=6300EF75298CCE757B001CC03F57ECC7F9D1125A99946A08ABF5E56CFD955342,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031857Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:26.971{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B4C580C06BB8ABCBF0765884249C64B3,SHA256=0AE037BCCF65B46DB79EF8B1AEBE503A9A055FE487A9BE5D723886DE4957F279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031856Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:26.143{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=055947FC70504FD243A7959DE12FCAE3,SHA256=D6E0205AAE3DC13B4F3A9A0F42B3A9E6AD0D2A0EE324E287B486263D4E43D19C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071846Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:27.505{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE3B45F90B95DB39708EC0D87C350B71,SHA256=C2993185BEC8F27D7F7ED07291C42D88ED909C3B4F675A76AE448CCD583D5582,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031858Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:27.377{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF197E1833292D82E963332B4FA09620,SHA256=EABECE6AE3A4F8239481F4AF291C2D585DBFFC08922130929DC098E1CCDC8F54,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000071845Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:25.111{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63276-false10.0.1.12-8089- 23542300x800000000000000071847Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:28.523{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF7AEDEC455BD56ED361CDB8A2C7951C,SHA256=5306C30FBC45F4D1C92AEE46BDD261405B8B430CC8A04070A9296DE9D755A03D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031887Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F18-60EC-2005-00000000DC01}1572C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031886Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031885Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031884Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031883Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031882Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031881Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031880Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031879Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031878Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031877Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0A80-60EC-0500-00000000DC01}416532C:\Windows\system32\csrss.exe{50946567-2F18-60EC-2005-00000000DC01}1572C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031876Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.908{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F18-60EC-2005-00000000DC01}1572C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031875Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.909{50946567-2F18-60EC-2005-00000000DC01}1572C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031874Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.408{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=057FE951608A36C299590ED14F201963,SHA256=9C537938BAF6DA41DB8D7CB2F2F4EE77D178A390FC7D4EBB64AB8E381973CDDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031873Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.408{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AC673D5A87783ED315F85F031B06B0B,SHA256=8CBD9FB0BB4AEB651B083269E7DD71D50CB8A057F7489D145F89FACAB46D5DD3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031872Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:26.388{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51547-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000031871Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0AF3-60EC-A200-00000000DC01}25523008C:\Windows\system32\conhost.exe{50946567-2F18-60EC-1F05-00000000DC01}1812C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031870Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031869Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031868Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031867Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031866Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031865Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031864Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031863Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031862Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0C00-00000000DC01}7283756C:\Windows\system32\svchost.exe{50946567-0A82-60EC-2200-00000000DC01}1376C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031861Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0A80-60EC-0500-00000000DC01}416432C:\Windows\system32\csrss.exe{50946567-2F18-60EC-1F05-00000000DC01}1812C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031860Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.236{50946567-0AF3-60EC-9E00-00000000DC01}35563476C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{50946567-2F18-60EC-1F05-00000000DC01}1812C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031859Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:28.237{50946567-2F18-60EC-1F05-00000000DC01}1812C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{50946567-0A80-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031890Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:29.455{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A68562BA8B2E8CD99D63BD1745FA84B4,SHA256=0CE0C156ECC9955987C0563E676F0AACD370A938E0E8A1F969F7751C0D89EB98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031889Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:29.455{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A1363D31C57EF2570924BFA1D237BE1E,SHA256=102A66ADAFEA62914ACB810349A0FE8BC29444B7E143B8CEE3982EFB150B79B5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000071850Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:29.541{8057F119-089F-60EC-0B00-00000000DB01}6324048C:\Windows\system32\lsass.exe{8057F119-089C-60EC-0100-00000000DB01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x800000000000000071849Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:29.541{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F906AE7683AA29CB56DD42CF5DC30FA4,SHA256=1B381607B028F4AEC9D6257F513858AC19D49CF86162A9FD51BD215EE184E76D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000071848Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:27.256{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63277-false10.0.1.12-8000- 10341000x800000000000000031888Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:29.096{50946567-2F18-60EC-2005-00000000DC01}15723592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000031891Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:30.489{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36904341D151F46AB1BAE7FA124CCB0E,SHA256=BBDB7679AD2CB39201A6D2CC23F7F6697287B377132A44974AB24BF5F607A254,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071853Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:30.557{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=03F2086A38203205D12AEAAC04EB1635,SHA256=F607E29763D3B54850F077461CB545A966A84741925C3D6B37BD0F0A4A8E59F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071852Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:30.557{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4F9A29B8C469C130E351FD66C5BA8313,SHA256=AC01EBCF1637C252A35DF05D78E641CC0147BC2D4A1A513FCECBFF5F80DE83C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071851Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:30.557{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AE4D49AAD2768E36166BCAE550C2E3F,SHA256=6DF21335E29D495DCA674EB1FD0814CAFFD6DC42C8923533B77D1C4232BE2563,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071867Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.587{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55DB21952243A461926C06B93A19D37B,SHA256=4F2E2904935A0C69C25758554075B1013A864D011AA1FACEC7C56A5BE02A619F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031892Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:31.533{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E5B08DAFD85B9D7AF7B33D3CA41CBDF,SHA256=1175892B1B0F456826FA870A7FD54391C17BD53FA3FC43C1C9E113862A9AA923,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071866Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.371{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=E54F3FA08479C7D21518F9A45CF3E5BF,SHA256=9EC3DE08B42954B1FC880AA20593B27C107FDD4EE262D3887A42D8AE460BEDDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071865Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.371{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=B92EC1D5823FA1C731C3DDD7F29D51E6,SHA256=18DBB3CFFA7875FB1BAE9EF00BBAAFB3866639C138C98458188C1F1D5C198656,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071864Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.371{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=AB481FA45367F14434B84D725B052DFE,SHA256=7E599A5CA12FC1A5147AABD51CAC9D646BB31CD049D0AAE5D3053D1B13784D24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071863Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.356{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=F7C9540EE6A691A344AEE0170B258A01,SHA256=8E93375D4AD1E45D17D3024A384FEE8C1751342D325D067282A4E2A5C8980879,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071862Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.356{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5EEAEE255AD2875B25CF16610A92094A,SHA256=66C7A5A4DFBEFB61734FEBA22226D4BB4EC50BBC738A3334F270886921FEF9DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071861Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.356{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=42D8F8A7FA4B1914182F02AE356302FB,SHA256=81A6F74C89E3B1751B4C859ED8D56CDDA02FD04F2D324DBF400CB80E129218A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071860Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.356{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=33826FE6FDAAA27199507B3EC37FCDED,SHA256=14A461306B1053E51B61211CC25BD6F19D6581B3EF8C550AE70249AC1F783AA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071859Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.356{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=8A1B0AED9235197516637632A12249B4,SHA256=428DFD5AFC34658ED6E896A41F8BB9D56A9654EA0AF585B46BD26731A9A0EB8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071858Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.356{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=29CA061B84648017E248B89578ABBB10,SHA256=293DE97EEAF9EAB3EF63BD5CAD610A549CDF75AC6B165BC877ED50211CBA3A6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071857Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.356{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=AAC5D602C4BC56C51E6F9BA3F0262308,SHA256=36416520A502B1163D8513B6A7BF5572096FE6E46E68D8BE08C38BF1C91A14BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071856Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:31.356{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=A3A4562927D46DCC95869E199F305F98,SHA256=246CDCEA081CC13330B92511A0C352D9785DD543FFCCC0A4A51D546FE19D073A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000071855Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:29.678{8057F119-089C-60EC-0100-00000000DB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63278-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local445microsoft-ds 354300x800000000000000071854Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:29.677{8057F119-089C-60EC-0100-00000000DB01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local63278-truefe80:0:0:0:9025:424a:f4fd:5b8win-dc-89.attackrange.local445microsoft-ds 23542300x800000000000000071868Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:32.603{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34F2CEDDBB724DACAB15A564298545E2,SHA256=3A66658326BEBE652CE4722C304A070833FF582716588117166E45E4473CC9B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031893Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:32.565{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6A6324949E39F254CC25E24CBD64319,SHA256=8A51326B5971368D5669B0369D110191E70A30F5C506E28E8707E1E6C1C4690D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031894Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:33.585{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=716CBF8504D72738B04F378CD108B472,SHA256=FE1F3DDB6EDA718C216080454857A12A3C4B8E256203B1A8D95FBD41B77482C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071869Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:33.603{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A9D940DE6FE23A698D7B6E37E50D5CA,SHA256=4022F93BB078E53CC72479C3554292533D44525AD718E1098FE04747A44D11E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031896Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:34.679{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D41144F5EEDEC2FD495DF0CF3A183F2A,SHA256=EC3B65D5512DB23087066BC561BC6ABD82D0E523AAAE131C3FFD313B8A9367AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071870Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:34.620{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A2C5185E282130D525696D1672E22FD,SHA256=09BB6E20CD1D7CB9C4A5701432F1C0ECBBE3DE196A76DAA68DD5036E49FB59E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031895Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:31.514{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51548-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031897Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:35.741{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB075146B732DF61989BC311DFBC3CAC,SHA256=EA8AC3A9A4B9B844AF91266C1CB4FDAC9829D560487CD960BC97823DE4E7E7BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071872Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:35.638{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=454AA9A0AB2E4C39557DE181905E023A,SHA256=4856D220A6F2AB368ABECE2F775B82FBB8861ADC44B89D8A161D006437BAE2C8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000071871Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:33.275{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63279-false10.0.1.12-8000- 23542300x800000000000000031898Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:36.976{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81BAC5B96D7D06FF4EF7F6569EADDA48,SHA256=57C02F26CCD8716F92540A6E1540BA85321FBE8015F5EC33FFD39CFD74325F52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071873Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:36.653{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=032743A29C3C6BB3A3CDCBACE923129A,SHA256=D492F0407F2222240262C55E2F282AFCED7199027334224CC6958AB333ABD18A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031899Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:37.991{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFBDC0011C9C9D4311087BA58B89D59C,SHA256=203F63006192E99BF598F422BDA8908C8ECCCB3FDB2EDFD3B2B49FFBEFE8972C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071874Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:37.668{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA44F2A83AAA48DAC67CE3D1334D0A56,SHA256=3C56EB21C77A9441D071BB280BC5A33EDFAF7C9D45242D0B2B7B8007A191E802,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071875Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:38.698{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA464F46292AC83DE93DBFA855E7A7D6,SHA256=9EDFF7492D67BEE533CFBD85AC193B5EE367CAC3395953D030E51FBCABF59F84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071876Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:39.715{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBFD4FE9660A95EC2B58A7D10637B211,SHA256=38B7C904E78C27A5B67171D325DA16D3813030A3549DE407C7C17FC2593AD2D3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031901Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:36.533{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51549-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031900Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:39.116{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD0C2B5465930B47A9C2D0E29808AEED,SHA256=7CDDFCA970769F783DAE1F0161648151010000E3323F839386AB8CCC4CCB58E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071880Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:40.733{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D171E7F0BC6DA07A29EA45557767F31,SHA256=51235903BA431A0979E3C4284B8F083D55FBB95DDFF6A7BE42E25C52A53EB3E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031902Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:40.351{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D257D8419966448B60E40E251268200A,SHA256=3359302A96AE264961360BDFECBC5D086374D35F8702EF4BF61FF83D79348EA0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000071879Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:40.596{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-1972-60EC-F605-00000000DB01}3272C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071878Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:40.596{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-21BD-60EC-4207-00000000DB01}5712C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000071877Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:39.217{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63280-false10.0.1.12-8000- 10341000x800000000000000071886Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:41.848{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071885Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:41.848{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-1600-00000000DB01}1236C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071884Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:41.848{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2F00-00000000DB01}3068C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000071883Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:41.748{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=040A7016771E28EDDB6795A205591EF9,SHA256=6FF03D3FBB2304064A05A497698C3A9A38390153DBA7134036390E2AD18CBC94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031903Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:41.585{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF8563BB58742DB6373FA060F31056F1,SHA256=4AE4B692AAE18F542CE7BAA08CBDFEA3F9839EAEE20B56F474E43AECCB510763,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071882Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:41.264{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4194DEFF88AD20A6900B941AFE8CE30C,SHA256=C5EE6050C9B8C532DBC1C7A224DE31FBC8AAFB5EE3E94644E756B2D5A94D9B3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071881Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:41.264{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=03F2086A38203205D12AEAAC04EB1635,SHA256=F607E29763D3B54850F077461CB545A966A84741925C3D6B37BD0F0A4A8E59F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071887Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:42.764{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9967EE8412654E80203474C4E5826576,SHA256=053B89115B28BB0676D4272913A5E9E3BAA4CA6B7EAA7DF6C1ACDCCF9C1594A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031904Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:42.679{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=560E819F20E9D0BD1C0A00C8C7E0E69A,SHA256=682D719EBD01F4C5A6F1934E6662EBD696B26D4FBC08FA8DD6F17EDD97B8DD1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071888Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:43.765{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=738366310551F7962D2F3EE73F30BFAC,SHA256=DAB5D68A6D63C4D1BD56A769FDDDDB3F70247ADA611311C5D64B911C48926ECE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031905Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:43.741{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F699A3C8714B753B1235D989BB1ADB8,SHA256=F2A88265844D2E32FF1E001297D15D3D665E4744EF8074B305BD3250C59B387B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071889Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:44.779{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC0A8B85086CC04817960BFDFC08E615,SHA256=656FDC1737E0C6871CD4A4A56969B2FCC468C3C6672419CF8ED3E90C2F155ABF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031906Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:44.757{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D15317BBD28617F646ED574BA782AD1,SHA256=B7292C63FF926BCE979C4DEC5E12C4090E836FF6B6B62DCEC9ED7DA16974E214,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071901Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.795{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A15C4CC5F461DFA41F33D4BAD771293F,SHA256=3A07F505138D17C4AC39D58CE87AE996F7CDD9CFDBC8569DD431A079ECC20B24,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031908Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:42.580{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51550-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031907Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:45.772{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7900CCBB8B0DF7BA0B2A09947D937B54,SHA256=D4C571F5A3AB4AFE1CF25D479281648EA056E7533FFDDA8FD67280965FA6AD78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071900Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.116{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=55B51A9C74EA2D52382CB4D9F1502505,SHA256=B5451100AFDFECC65DD73439C08C2F15271FFF7644655B5D216CF2E2F86B4084,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071899Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.116{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=72725AD534C9D8D88D96F26C1EBBCCD7,SHA256=A361F38FDB2145DB0E035E8B2131DB9437BD8E2B8E9ABF365C7E473EEF622895,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071898Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.116{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=60A508CD7517D685AEBE038C93147F06,SHA256=3CC22B348C47F1EAC35A70D15534DC794028E9EFDB11F414B816D0F2ACAA4B01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071897Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.116{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=5846791359B9C79785F9F5773DA0FE4A,SHA256=1B952FBE9FF5763179B7D4A17C9CBB57B5EE48AE4F08C809028EBE9D23975EB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071896Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.116{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=AC5E0FC97622131647E9B00FE866F731,SHA256=499CCB71B46ADE69E87EC647F6AFC03CE051CD9D1F9A3A04FCEEA38B6C55D799,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071895Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.116{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=146A52E79ED7353D438E980F836B94D7,SHA256=37950F64DE5217F094D67B851C3D36135F393F78ECCD09112B276B982341082E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071894Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.116{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=F49EAF16720CB57D94F7727C5BF4342F,SHA256=72531DF3812EC38FB5387B3E5EA7F8526B36C5F89C63DE8BB8B6F28120F9765A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071893Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.116{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=C534985CBE203FAEC7879E3335C22DB3,SHA256=E23C54219CE74362C5FAD192903DB3654F5E6D379F4BF3A1232DF863852F575A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071892Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.114{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=E6F74560705F8471CCA5BAC643F27E3D,SHA256=0612BFB8A184456AAAB99804BF245F573A4EFA1F58DA5DDE5A7A10402F0CB27D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071891Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.113{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=63481355A76CD1683935CB471EDAE146,SHA256=CE5E54C9577409CC4D743024CEC5D1A4F330B70918217C1E1846A0A18F311CAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071890Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.112{8057F119-21D0-60EC-6307-00000000DB01}7172ATTACKRANGE\bobC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\ugslyq49.default-release\datareporting\glean\db\data.safe.binMD5=B18A2440AB4D1FE5FDEA1D37ECBD416D,SHA256=F50D25F73F6D5482ED1036930CC413852E1420EA1F81484BF2A6016FC1140210,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072007Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.965{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B577159B11884819BBBE021911D23CFA,SHA256=0095BD47B71921BF4C7FFE12FEE10AF1B3646B32D5C08D79FE6B5E1D020D078B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072006Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.918{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A46E28FD5237D3BE61936F3DCBB3BC1,SHA256=F2909FADBA3ED07E5D2BD10B5EF6C7C2653FF955F578B8310184FE062FBB6D82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031909Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:46.788{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2B90D7FE22DBE48A6C133469E6DEEF5,SHA256=883BE5549E5AEAB26C785A39AFA21FE1C2396E57DE3EE87F02776AD6C71C3EBF,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000072005Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.750{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000072004Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.750{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000072003Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.750{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000072002Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.734{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000072001Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.734{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000072000Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.734{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000071999Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.734{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000071998Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.734{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000071997Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.734{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000071996Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.734{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000071995Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.734{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000071994Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000071993Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000071992Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000071991Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000071990Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000071989Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000071988Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000071987Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000071986Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000071985Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000071984Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000071983Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000071982Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000071981Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000071980Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000071979Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000071978Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000071977Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000071976Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000071975Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000071974Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000071973Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000071972Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000071971Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000071970Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000071969Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000071968Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000071967Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000071966Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000071965Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000071964Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000071963Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.718{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000071962Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.717{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000071961Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.717{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000071960Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.716{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071959Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.716{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071958Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.716{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071957Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.716{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071956Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.716{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071955Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.715{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000071954Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.714{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000071953Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:45.246{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63281-false10.0.1.12-8000- 10341000x800000000000000071952Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.349{8057F119-2F2A-60EC-E709-00000000DB01}83089964C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000071951Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.349{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000071950Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.349{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000071949Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000071948Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000071947Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000071946Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000071945Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000071944Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000071943Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000071942Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000071941Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000071940Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000071939Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000071938Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000071937Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000071936Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000071935Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000071934Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.048{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000071933Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000071932Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000071931Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000071930Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000071929Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000071928Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000071927Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000071926Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000071925Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000071924Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000071923Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000071922Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000071921Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000071920Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000071919Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000071918Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000071917Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000071916Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000071915Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000071914Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000071913Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000071912Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000071911Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000071910Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000071909Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000071908Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071907Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071906Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071905Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071904Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071903Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.033{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000071902Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:46.034{8057F119-2F2A-60EC-E709-00000000DB01}8308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x800000000000000072063Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.596{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000072062Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.596{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000072061Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.596{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000072060Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.415{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000072059Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.413{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000072058Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.413{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000072057Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000072056Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000072055Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000072054Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000072053Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000072052Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000072051Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000072050Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000072049Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000072048Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000072047Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000072046Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000072045Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.396{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000072044Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072043Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000072042Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000072041Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000072040Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000072039Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000072038Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000072037Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000072036Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000072035Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000072034Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000072033Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000072032Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000072031Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000072030Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000072029Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000072028Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000072027Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000072026Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000072025Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000072024Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072023Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000072022Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000072021Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072020Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000072019Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072018Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072017Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072016Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072015Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072014Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.381{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072013Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.382{8057F119-2F2B-60EC-E909-00000000DB01}988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000072012Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.035{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BC0A16C493AD6D2A9123D9B012B5E1E2,SHA256=B15846A5608B813C47E416122B6BD9398C148B09F50288C8E47837E0E05596DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072011Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.035{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4194DEFF88AD20A6900B941AFE8CE30C,SHA256=C5EE6050C9B8C532DBC1C7A224DE31FBC8AAFB5EE3E94644E756B2D5A94D9B3D,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000072010Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.018{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000072009Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.018{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000072008Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:47.018{8057F119-2F2A-60EC-E809-00000000DB01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000072065Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:48.415{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BC0A16C493AD6D2A9123D9B012B5E1E2,SHA256=B15846A5608B813C47E416122B6BD9398C148B09F50288C8E47837E0E05596DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072064Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:48.164{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE564749D9D8EF7C84829CECCAE8A230,SHA256=638E2ED17B4E78BA1651AE0433E646CDE74A86D94A83AE39D10FC2FA478F1639,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031910Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:48.007{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2ECC69B6BBAD3D81292C1C68EDC6D55,SHA256=A80338541B9B164064F4A5B527FCB3234F175F7167D6C645917602A9624FD01E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031911Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:49.085{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85BC56B2106777C29FDBE810D6F3ABFB,SHA256=BE946FFE125064FCD436E9637B7098FB0CABA694CA659BB9B690CDD7AC251633,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000072117Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.617{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000072116Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.617{8057F119-2F2D-60EC-EA09-00000000DB01}93609796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072115Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.617{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000072114Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.617{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000072113Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.380{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000072112Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.380{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000072111Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.380{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000072110Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.380{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000072109Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.380{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000072108Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.380{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000072107Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.380{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000072106Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.380{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000072105Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000072104Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000072103Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000072102Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000072101Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000072100Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000072099Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000072098Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000072097Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072096Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000072095Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000072094Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000072093Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000072092Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000072091Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000072090Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000072089Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000072088Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000072087Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000072086Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000072085Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000072084Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000072083Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000072082Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000072081Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000072080Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000072079Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000072078Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072077Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000072076Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000072075Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072074Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000072073Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072072Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072071Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072070Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072069Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072068Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.364{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072067Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.365{8057F119-2F2D-60EC-EA09-00000000DB01}9360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000072066Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.180{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=843B9B50979115DC0619212739F6125E,SHA256=62F9249A3A9358227C6BFE83191AB2121C90C29EBA43CC6840C7003674F030D7,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000072223Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.922{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000072222Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.922{8057F119-2F2E-60EC-EC09-00000000DB01}96089776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072221Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.922{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000072220Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.921{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000072219Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.717{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000072218Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.717{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000072217Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.716{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000072216Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.715{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000072215Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.714{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000072214Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.714{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000072213Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.713{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000072212Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.713{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000072211Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000072210Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000072209Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000072208Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000072207Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000072206Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000072205Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072204Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000072203Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000072202Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000072201Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000072200Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000072199Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000072198Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000072197Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000072196Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000072195Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000072194Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000072193Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000072192Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000072191Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000072190Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000072189Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000072188Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000072187Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000072186Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000072185Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000072184Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072183Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000072182Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000072181Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072180Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000072179Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072178Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072177Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072176Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072175Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072174Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.695{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072173Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.696{8057F119-2F2E-60EC-EC09-00000000DB01}9608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000072172Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.379{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E6759F7C812AF96EC75D6EFBECBF057C,SHA256=5B83D19F920DF1FB0D96757C9AA843186D51D52FC39640400F2AF1C875EB8101,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072171Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.279{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2F2458F334B9E283436F63D8D30447E,SHA256=ADFF241526FB58466AEC8F2691E80099B362DA026DFF5F175657470052D6C01D,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000072170Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.264{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000072169Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.264{8057F119-2F2E-60EC-EB09-00000000DB01}954410164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072168Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.264{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000072167Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.264{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000072166Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.248{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3187C313601951DF2E1DDBDF764941C,SHA256=5E419E122BA95A1FCB2D072EB49631069A4B48EF84F8FB3FAD5702EAEAE5DE57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031912Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:50.101{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE509FFED1A545815C7C9AE8B6984FD8,SHA256=F349BAC62721A6AD45CE715B3BE39785D54240E6A87AF2CF932BE8BB90CDF9FE,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000072165Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.047{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000072164Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.047{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000072163Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.047{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000072162Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.047{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000072161Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.047{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000072160Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.047{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000072159Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.047{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000072158Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.047{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000072157Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000072156Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000072155Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000072154Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000072153Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000072152Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000072151Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000072150Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000072149Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000072148Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000072147Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000072146Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072145Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000072144Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000072143Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000072142Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000072141Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000072140Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000072139Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000072138Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000072137Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000072136Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000072135Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000072134Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000072133Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000072132Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000072131Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000072130Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 10341000x800000000000000072129Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072128Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000072127Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000072126Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072125Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000072124Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072123Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072122Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072121Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072120Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-089E-60EC-0500-00000000DB01}412436C:\Windows\system32\csrss.exe{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072119Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.032{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072118Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.033{8057F119-2F2E-60EC-EB09-00000000DB01}9544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000072227Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:51.699{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D1A45C30D1051A185573935EEF55204F,SHA256=175D6D97F3DF19A253A48ADEC58E0A2E8EBFEC64B95EACBC4A8C750EF8FE7C81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072226Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:51.652{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B49FBFE6A776D522C5A95830F87C5A10,SHA256=5064C50D6FB8DEECE2B105DB17C480848AD4CB42042FF04162340098B237638B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000072225Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.815{8057F119-089F-60EC-0B00-00000000DB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63282-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 354300x800000000000000072224Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:49.815{8057F119-08AE-60EC-2800-00000000DB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-89.attackrange.local63282-true0:0:0:0:0:0:0:1win-dc-89.attackrange.local389ldap 23542300x800000000000000031914Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:51.288{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=687C2EB2EE052DFE71C8AAE193D3F97A,SHA256=E5D4AC18D008DCBA458147A003F486A0C22FDDEC4E5448FB271AF2F27BE0072F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031913Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:48.424{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51551-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000072230Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:50.330{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63283-false10.0.1.12-8000- 23542300x800000000000000072229Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:52.567{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA349E556E4B9A765F0E61F321EABDCD,SHA256=75686A26208931AEE085E475CB3D948446D28C30916A0BC21D4317686ADC0116,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031915Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:52.304{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04D3241134DFE03D11E050A410E3FBBF,SHA256=9933B8328A111437B5E9A11DF9E02504059050D1448ECFEFD0C4CD491469440D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072228Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:52.351{8057F119-08A1-60EC-0D00-00000000DB01}8968572C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-1600-00000000DB01}1236C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072282Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.968{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E9849EB98A2A30A5F7F6642B57AF77E,SHA256=7504C58A30D351DF5CEAF9DDBEC870608AAD82C5F45C96B9F57A062EF12BB052,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031916Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:53.319{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33C6C030FF1615A227C31B3A1C943AFE,SHA256=F0633EB2D453E6D8E2EA797C2007F4CB319921B274D57929D9D5C2302DA425BE,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000072281Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.369{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000072280Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.369{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000072279Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.369{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000072278Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.152{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000072277Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.152{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000072276Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.152{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000072275Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.152{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000072274Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.152{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000072273Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.152{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000072272Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.152{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000072271Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000072270Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000072269Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000072268Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000072267Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000072266Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000072265Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000072264Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000072263Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000072262Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000072261Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000072260Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000072259Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000072258Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000072257Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=B54D1302F309C7E6E408C5B8566951C3,SHA256=491B17EE35BA993608C8A9EE6D6D2743496756F0FB2F2D43B7AF03F7C45EAA38,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000072256Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000072255Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000072254Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000072253Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000072252Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000072251Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000072250Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000072249Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000072248Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000072247Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1,IMPHASH=B511E4B82A44D3731CDA46A74F5D57EAtrueMicrosoft WindowsValid 734700x800000000000000072246Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000072245Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000072244Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072243Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000072242Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.136{8057F119-08B0-60EC-3800-00000000DB01}34403460C:\Windows\system32\conhost.exe{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000072241Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.135{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000072240Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.135{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000072239Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.135{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000072238Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.134{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000072237Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.134{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072236Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.134{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072235Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.134{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072234Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.133{8057F119-089E-60EC-0500-00000000DB01}412528C:\Windows\system32\csrss.exe{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072233Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.133{8057F119-08A1-60EC-0C00-00000000DB01}840704C:\Windows\system32\svchost.exe{8057F119-08AE-60EC-2C00-00000000DB01}2972C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072232Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.133{8057F119-08AE-60EC-2D00-00000000DB01}30044024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072231Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:53.131{8057F119-2F31-60EC-ED09-00000000DB01}9500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8057F119-089F-60EC-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{8057F119-08AE-60EC-2D00-00000000DB01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000072284Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:54.983{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C632C97B536E3250C1910D8B0B25EA4E,SHA256=CE1905162291F57B1C16B63642A42F56E826CA7F3B404B9CEC84502D965BF4B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031917Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:54.324{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4901DD1D996C54406E0FF5F8819B51C,SHA256=0CCF6A4ECAF01A1DEF4965CDA4D859C8498F66366210B86EF9F42558B0E477CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072283Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:54.152{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DAC1DD5E64DD22F89F21240AEF1C9069,SHA256=51905D295EDA91A29A284E9609427C84CEDC994EDD0AFA0F27A5CAC449936573,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031918Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:55.340{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E07D6F994B956BA020B2E28F2872B22,SHA256=6E0FDF36C366F00E7EC78446EC718787BAC6C20DD73A1622B2C4227340FD2E21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031920Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:56.355{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F865168E099C5138F30364D349C34EA7,SHA256=3CF593392488838EAF31A179FAC7B947E8DCDAF8DC8811173CEDB199455BCA16,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072286Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:56.597{8057F119-08A1-60EC-0D00-00000000DB01}8965648C:\Windows\system32\svchost.exe{8057F119-08A1-60EC-0C00-00000000DB01}840C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072285Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:55.998{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E49FABA64807670E1170AA575188C8F,SHA256=BEEE8FC593957C7ADFA71BE05561A9819084AC388CBCBE7004A8F807B00C2108,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031919Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:53.444{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51552-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031921Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:57.371{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D60FD6A643FA629C7A624A3C60978F46,SHA256=17E2DB6274CB6B22F2B676ABF57EFE1FB74658296D102B6CE41C8C4C742DD117,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072287Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:57.013{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A0FA4C4ADB28D77936B79C948EB51AD,SHA256=B9A567E583D4C815D63467A94A5B2A9E3B6505D731A5E80A60762AFC7EFC4B17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031922Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:58.371{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C24432B014384046C58F09E8CE8FA167,SHA256=F31B19D12F0669AD23F0A9DBFDB58BC37881A1CFDFE674FDD1C5CF6ECA9C7546,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000072289Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:56.301{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63284-false10.0.1.12-8000- 23542300x800000000000000072288Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:58.033{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEC4D8D435114A35B2FA0DFF706BF5BD,SHA256=93F20F04A0FBB7EFF1BE8BBE4D5E07F51F9EBB4E3FEBA1D47B1C20D14624141E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031923Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:59.373{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AA1B39395AB5D8084975CA3071F9DF4,SHA256=61F88D45C01DA0449C2C417DC79A5A6CF3308B969FB1A7A717152E627BD0B18C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072290Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:01:59.035{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=753DB428668C3B4A8908AAAA888ABED9,SHA256=83BF338EB495FBDE3175D8F49E97EB96820D48470506320DCB646DA784FE956A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031924Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:00.386{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=888F533C0868762E8A35D97A3979E646,SHA256=E4FCBAD120486E042CCA32F3EC858CD74CEE0C348F25845F48D71104F45D61C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072291Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:00.050{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0556A3E147DC0703F712CB44074BB653,SHA256=B3E8A9A70D778E7A4DE1D1FDE5E98F8C14841763C60ADFD6CA720BE7F79EFF4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072292Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:01.065{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25885BE3FA88D3FC52EAD52CABF1FD0F,SHA256=EAA77F23BA9C661AE5DE188A51B3489F46493BDE72E053B3BFE6509A2F2A0AD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031925Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:01.393{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28C62295C4CB8D78C554DB1A84118F22,SHA256=F1D660C1215803538BDDA243384B0E66B76DB0553AE1FEA8ABC37FC4B135A012,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031927Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:01:59.446{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51553-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031926Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:02.403{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=272A6580E11EAD513A20C1A1A738852E,SHA256=3C4233F3FB0084BC3ACE32A032184900C14B090B33DE87619CA635BC1B188155,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072293Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:02.082{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8581DD534DD6464DE9B57DC2FD01550,SHA256=7B630ECC9C0861B9715E77B23A45F19BE5FF93654610F47CB624EAB711184754,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031929Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:03.419{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CEC9E474B3DC5EEE9CC6F9409BA65EF,SHA256=6DFCD84496A2D640AC331B8DE10CB6C4D8DD634F8A13B40EB1B136485CF5A4CC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000072295Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:01.366{8057F119-08BA-60EC-6D00-00000000DB01}2348C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-89.attackrange.local63285-false10.0.1.12-8000- 23542300x800000000000000072294Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:03.112{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3ACA17963DCFB22ABEC381BF2D2C1380,SHA256=20DAAF98BA566EA236D7B98FC16BB62E75E037C16215650127D0AEC6EA126389,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031928Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:03.044{50946567-0AF3-60EC-9E00-00000000DC01}3556NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=A52F6585761A8E82F695C029A0DE8E39,SHA256=23013549159043F148E7F54E2980270BD42A6AB4C4FA368424ACDA42C74194F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031931Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:04.435{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B7BD20C76DC08AD395ACB5D03AFA79A,SHA256=0412C14CA50FB2B89F90382C66DFB55065D8BD71C32F8E15F4FF9EB57119D29C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031930Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:02.383{50946567-0AF3-60EC-9E00-00000000DC01}3556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51554-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000072296Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:04.133{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D430804DB945B4D434A620FC38F8F51E,SHA256=B7BA7E0E4E974EBE84558A8139280347BE3D62AA7F9EF2489C44641FFC055017,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031932Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:05.466{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=932DD821A673E6BAC7BDFD6351D09668,SHA256=B08AB4137F02496D156110C2CBBF93CD11F0BFE44C96C4ADE9540E98C49E9320,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072297Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:05.147{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F924A3C3AFC0F55B98BE7897D3ADC284,SHA256=52A31412057BCE8F55CB4C82BDE24CB7364EE536C1DDBBC03A792FB2D36C6E9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072298Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:06.178{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98A221E56ED71D15D64A6B1E2AD9F039,SHA256=CCC741B5537E8EF46F717EF5F5F5AF569620BC7A50F066B758F3474791F4B382,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031933Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:06.482{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F15A535708D6B68789425DDCB42FCAE0,SHA256=1BF967F0D697A9DF9E17F5E737CCD616F32D0AABD2163B577AA33CAE9B5C5FE5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031935Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:04.524{50946567-0AFB-60EC-CC00-00000000DC01}1384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-439.eu-central-1.compute.internal51555-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031934Microsoft-Windows-Sysmon/Operationalwin-host-439-2021-07-12 12:02:07.497{50946567-0B01-60EC-D900-00000000DC01}3852NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B606C88E329C34CDF1BDC45C9C2C0169,SHA256=DBEF3B8CFCF19ADCB998E415A06762A3F077197F77972221E8BDD01306E0CC60,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072359Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.845{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072358Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.814{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072357Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.814{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072356Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.798{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072355Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.798{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072354Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.798{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072353Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.797{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072352Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.791{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072351Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.788{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072350Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.787{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072349Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.755{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-2B8F-60EC-3C09-00000000DB01}5920C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+3b1a911|C:\Program Files\Mozilla Firefox\xul.dll+101a8a|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+188d1c|UNKNOWN(00000059F97F7AC4) 23542300x800000000000000072348Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.659{8057F119-08C1-60EC-7600-00000000DB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F98CDD512204FA373146DA36365A96E,SHA256=511BFA06E505EAA9E1A660F68348CCAC72A088AB62AE0FA4D61F554D5AC49B85,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072347Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.624{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072346Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.604{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072345Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.598{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072344Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.594{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072343Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.594{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-22BA-60EC-9407-00000000DB01}3852C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072342Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.594{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6907-00000000DB01}8096C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072341Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.594{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072340Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.594{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21E0-60EC-7207-00000000DB01}6340C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072339Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.592{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-226C-60EC-8A07-00000000DB01}5640C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa4f7|C:\Program Files\Mozilla Firefox\xul.dll+da83b9|C:\Program Files\Mozilla Firefox\xul.dll+da05d3|C:\Program Files\Mozilla Firefox\xul.dll+40208|C:\Program Files\Mozilla Firefox\xul.dll+122aede|C:\Program Files\Mozilla Firefox\xul.dll+120351f|C:\Program Files\Mozilla Firefox\xul.dll+3f65e|C:\Program Files\Mozilla Firefox\xul.dll+3c0f18|C:\Program Files\Mozilla Firefox\xul.dll+3bfb5f|C:\Program Files\Mozilla Firefox\xul.dll+39d6aba|C:\Program Files\Mozilla Firefox\xul.dll+3a73bd7|C:\Program Files\Mozilla Firefox\xul.dll+3a75159|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c518|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072338Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.576{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072337Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.567{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072336Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.564{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072335Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.557{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072334Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.554{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072333Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.551{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla Firefox\firefox.exe+40aac|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072332Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.550{8057F119-21D0-60EC-6307-00000000DB01}71727176C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-22BA-60EC-9407-00000000DB01}3852C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+521b0|C:\Program Files\Mozilla Firefox\xul.dll+29fa9ed|C:\Program Files\Mozilla Firefox\xul.dll+29fa6b9|C:\Program Files\Mozilla Firefox\xul.dll+29f58ff|C:\Program Files\Mozilla Firefox\xul.dll+29c1801|C:\Program Files\Mozilla Firefox\xul.dll+4e6ea12|C:\Program Files\Mozilla Firefox\xul.dll+14a9071|C:\Program Files\Mozilla Firefox\xul.dll+14ab9bc|C:\Program Files\Mozilla Firefox\xul.dll+101613|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+3b1a911|C:\Program Files\Mozilla Firefox\xul.dll+101a8a|C:\Program Files\Mozilla Firefox\xul.dll+3c2fad7|C:\Program Files\Mozilla Firefox\xul.dll+faae2|C:\Program Files\Mozilla Firefox\xul.dll+3b1a911|C:\Program Files\Mozilla Firefox\xul.dll+101a8a|C:\Program Files\Mozilla Firefox\xul.dll+1b2763|UNKNOWN(00000059F97F1E84) 10341000x800000000000000072331Microsoft-Windows-Sysmon/Operationalwin-dc-89.attackrange.local-2021-07-12 12:02:07.547{8057F119-21D0-60EC-6307-00000000DB01}71727644C:\Program Files\Mozilla Firefox\firefox.exe{8057F119-21D2-60EC-6807-00000000DB01}7892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cf50|C:\Program Files\Mozilla Firefox\firefox.exe+2caa3|C:\Program Files\Mozilla Firefox\firefox.exe+40db0|C:\Program Files\Mozilla F