734700x80000000000000006495712Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.983{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006495710Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.968{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006495709Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.968{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006495707Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.852{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006495706Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.852{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006495705Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.852{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006495703Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.852{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006495701Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.852{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006495700Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.852{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006495699Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.852{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006495698Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.852{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006495697Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006495696Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006495695Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006495694Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006495693Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006495692Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006495691Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006495690Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006495689Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006495688Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006495687Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006495686Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006495685Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006495684Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006495683Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006495682Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006495681Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006495680Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006495679Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006495678Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006495677Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006495676Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006495675Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006495674Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006495673Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006495672Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006495671Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006495669Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006495668Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006495667Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006495666Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.836{4DF467A6-427F-613A-FCFA-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006495652Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.337{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006495650Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.337{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006495649Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.337{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006495644Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.206{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006495620Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.206{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006495598Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.206{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006495596Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.206{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006495586Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.206{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006495583Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.206{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006495568Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.206{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006495566Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.206{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006495565Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.202{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006495564Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.202{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006495563Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.201{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006495562Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.201{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006495561Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.201{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006495560Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.201{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006495559Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.200{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006495558Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006495557Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006495556Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006495555Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006495554Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006495553Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006495552Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006495551Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006495550Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006495549Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006495548Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006495547Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006495546Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006495545Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006495544Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006495543Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006495542Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006495541Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006495540Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006495539Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006495538Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006495536Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006495535Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006495534Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006495533Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006495778Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.551{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006495777Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.551{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006495776Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.551{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006495774Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006495773Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006495772Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006495770Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006495768Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006495767Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006495766Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006495765Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006495764Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006495763Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006495762Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006495761Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006495760Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006495759Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006495758Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006495757Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006495756Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006495755Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006495754Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006495753Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006495752Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006495751Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006495750Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006495749Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006495748Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006495747Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006495746Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006495745Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006495744Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006495743Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006495742Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006495741Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006495739Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006495738Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006495737Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006495736Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006495733Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.404{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006495732Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.404{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006495731Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.404{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006495730Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.404{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006495903Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.833{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006495902Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.833{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006495900Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.702{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006495899Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.702{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006495898Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.702{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006495896Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.701{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006495894Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.700{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006495893Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.700{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006495892Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.699{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006495891Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.699{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006495890Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.698{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006495889Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006495888Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006495887Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006495886Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006495885Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006495884Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006495883Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006495882Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006495881Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006495880Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006495879Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006495878Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006495877Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006495876Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006495875Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006495874Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006495873Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006495872Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006495871Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006495870Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006495869Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006495867Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006495865Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006495864Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006495863Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006495862Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006495861Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006495859Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006495856Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006495855Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006495854Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.681{4DF467A6-4281-613A-FFFA-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006495841Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.234{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006495839Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.234{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006495838Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.234{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006495834Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006495833Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006495832Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006495830Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006495828Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006495827Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006495826Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006495825Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006495822Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006495821Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006495820Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006495819Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006495818Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006495817Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006495816Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006495815Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006495814Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006495813Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006495812Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006495811Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006495810Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006495809Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006495808Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006495807Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006495806Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006495805Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006495804Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006495803Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006495802Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006495801Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006495800Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006495799Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006495798Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006495797Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006495796Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006495794Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.102{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006495793Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.102{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006495792Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.101{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006495791Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.101{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006495996Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.532{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006495995Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.532{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006495994Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.532{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006495992Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.401{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006495991Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.401{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006495990Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.401{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006495988Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.401{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006495986Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.401{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006495985Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.401{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006495984Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.401{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006495983Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.401{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006495978Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.396{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006495957Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006495956Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006495955Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006495954Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006495953Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006495952Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006495951Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006495950Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006495949Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006495948Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006495947Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006495946Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006495945Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006495944Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006495943Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006495942Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006495941Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006495940Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006495939Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006495938Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006495937Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006495936Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006495935Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006495934Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006495933Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006495932Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006495931Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006495929Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006495927Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006495926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006495925Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006495921Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006495920Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006495919Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006495918Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006496096Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.247{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006496095Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.247{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006496094Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.247{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006496086Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006496068Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006496067Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006496066Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006496063Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006496061Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006496060Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006496059Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006496056Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006496055Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006496054Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006496053Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006496052Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006496051Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006496050Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006496049Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006496048Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006496047Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006496046Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006496045Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006496044Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006496043Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006496042Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006496041Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006496040Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006496039Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006496038Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006496037Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006496036Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006496035Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006496034Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006496033Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006496032Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006496031Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006496030Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006496029Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006496027Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006496026Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.099{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006496025Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.099{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006496024Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.098{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006496192Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:13.491{4DF467A6-4262-613A-FAFA-00000000F001}5052C:\Windows\System32\sppsvc.exeC:\Windows\System32\taskschd.dll10.0.14393.4402 (rs1_release.210426-1725)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=76BF5CA81C749140E05C7519B13B299E,SHA256=D5CBDB2EEE67E582198F9DB213EC95DF9107F08D646E67FFA723066CC434B515trueMicrosoft WindowsValid 734700x80000000000000006496154Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:13.491{4DF467A6-4262-613A-FAFA-00000000F001}5052C:\Windows\System32\sppsvc.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006496152Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:13.486{4DF467A6-4262-613A-FAFA-00000000F001}5052C:\Windows\System32\sppsvc.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006496900Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.620{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006496899Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.620{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006496898Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.620{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006496896Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.498{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006496895Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.498{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006496894Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.498{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006496892Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.498{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006496890Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.498{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006496889Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.498{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006496888Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.498{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006496887Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.498{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006496886Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006496885Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006496884Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006496883Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006496882Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006496881Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006496880Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006496879Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006496878Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006496877Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006496876Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006496875Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006496874Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006496873Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006496872Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006496871Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006496870Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006496869Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006496868Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006496867Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006496866Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006496865Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006496864Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006496863Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006496862Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006496861Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006496860Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006496859Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006496858Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006496857Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006496856Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006496855Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006496853Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006496852Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006496851Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006496850Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.483{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006497028Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.949{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006497026Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.949{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006497025Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.949{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006497021Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006497020Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006497019Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006497017Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006497015Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006497014Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006497013Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006497012Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006497011Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006497010Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006497009Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006497008Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006497007Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006497006Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006497005Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006497004Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006497003Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006497002Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006497001Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006497000Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006496999Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006496998Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006496997Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006496996Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006496995Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006496994Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006496993Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006496992Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.818{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006496991Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.817{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006496990Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.817{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006496989Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.817{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006496988Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.817{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006496987Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.817{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006496986Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.817{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006496985Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.817{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006496984Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.816{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006496982Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.815{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006496981Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.815{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006496980Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.814{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006496979Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.814{4DF467A6-42BB-613A-04FB-00000000F001}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006496965Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.266{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006496963Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.266{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006496962Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.266{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006496959Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006496958Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006496957Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006496955Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006496953Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006496952Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006496951Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006496950Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006496949Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006496948Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006496947Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006496946Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006496945Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006496944Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006496943Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006496942Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006496941Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006496940Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006496939Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006496938Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006496937Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006496936Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006496935Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006496934Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006496933Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006496932Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006496931Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006496930Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006496929Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006496928Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006496927Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006496926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006496925Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006496924Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006496923Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006496921Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006496920Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006496919Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006496918Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006497092Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.648{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006497090Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.648{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006497089Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.648{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006497086Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006497085Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006497084Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006497082Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006497080Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006497079Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006497078Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006497077Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006497076Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006497075Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006497074Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006497073Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006497072Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006497071Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006497070Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006497069Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006497068Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006497067Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006497066Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006497065Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006497064Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006497063Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006497062Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006497061Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006497060Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006497059Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006497058Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006497057Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006497056Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006497055Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006497054Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006497053Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006497052Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006497051Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.516{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006497050Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.516{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006497048Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.514{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006497047Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.514{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006497046Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.513{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006497045Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.513{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006497211Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.912{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006497210Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.911{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006497209Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.911{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006497207Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.910{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006497205Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.909{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006497204Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006497203Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006497202Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006497201Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006497200Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006497199Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006497198Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006497197Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006497196Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006497195Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006497194Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006497193Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006497192Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006497191Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006497190Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006497189Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006497188Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006497187Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006497186Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006497185Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006497184Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006497183Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006497182Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006497181Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006497180Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006497179Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006497178Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006497177Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006497176Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006497175Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006497174Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006497172Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006497171Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006497170Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006497169Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.893{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006497153Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.331{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006497152Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.331{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006497150Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.214{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006497149Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.213{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006497148Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.213{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006497146Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.212{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006497144Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.211{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006497143Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.211{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006497142Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.210{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006497141Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.210{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006497140Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006497139Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006497138Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006497137Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006497136Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006497135Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006497134Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006497133Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006497132Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006497131Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006497130Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006497129Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006497128Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006497127Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006497126Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006497125Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006497124Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006497123Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006497122Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006497121Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006497120Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006497119Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006497118Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006497117Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006497116Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006497115Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006497114Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006497113Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006497111Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006497110Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006497109Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006497108Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006497277Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.729{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006497276Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.729{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006497275Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.729{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006497273Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.611{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006497272Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.611{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006497271Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.610{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006497269Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.610{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006497267Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.608{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006497266Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.608{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006497265Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.608{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006497264Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006497263Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006497262Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006497261Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006497260Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006497259Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006497258Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006497257Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006497256Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006497255Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006497254Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006497253Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006497252Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006497251Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006497250Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006497249Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006497248Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006497247Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006497246Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006497245Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006497244Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006497243Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006497242Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006497241Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006497240Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006497239Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006497238Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006497237Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006497236Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006497234Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006497233Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006497232Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006497231Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006497217Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.030{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006497216Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.030{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006497215Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.030{4DF467A6-42BD-613A-07FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006498389Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006498388Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006498387Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006498385Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006498383Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006498382Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006498381Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006498380Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006498379Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006498378Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006498377Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006498376Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006498375Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006498374Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006498373Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006498372Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006498371Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006498370Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006498369Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006498368Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006498367Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006498366Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006498365Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006498364Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006498363Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006498362Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006498361Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006498360Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006498359Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006498358Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006498357Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006498356Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006498355Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006498354Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006498353Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006498352Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006498351Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006498350Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.894{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006498349Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.878{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006498348Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.878{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006498346Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.878{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006498345Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.878{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006498344Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.878{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006498343Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.878{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006498326Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.494{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006498324Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.494{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006498323Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.494{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006498322Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006498321Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006498320Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006498318Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006498316Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006498315Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006498314Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006498313Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006498312Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006498311Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006498310Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006498309Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006498308Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006498307Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006498306Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006498305Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006498304Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006498303Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006498302Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006498301Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006498300Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006498299Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006498298Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006498297Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006498296Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006498295Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006498294Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006498293Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006498292Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006498291Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006498290Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006498289Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006498288Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006498287Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006498286Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006498284Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006498283Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006498282Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006498281Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006498460Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.709{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006498458Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.709{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006498457Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.709{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006498456Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.593{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006498455Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.593{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006498454Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.593{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006498452Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.593{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006498450Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.593{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006498449Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.593{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006498448Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006498447Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006498446Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006498445Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006498444Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006498443Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006498442Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006498441Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006498440Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006498438Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006498437Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006498436Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006498435Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006498433Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006498432Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006498431Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006498430Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006498429Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006498428Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006498427Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006498426Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006498425Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006498424Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006498423Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006498422Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006498421Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006498420Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006498419Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006498418Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006498416Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006498415Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006498414Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006498413Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006498395Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.031{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006498394Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.031{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006498393Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.031{4DF467A6-42F6-613A-0AFB-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006498590Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.976{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006498589Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.976{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006498588Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.976{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006498582Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006498581Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006498580Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006498578Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006498576Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006498575Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006498574Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006498573Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006498572Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006498571Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006498570Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006498569Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006498568Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006498567Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006498566Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006498565Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006498564Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006498563Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006498562Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006498561Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006498560Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006498559Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006498558Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006498557Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006498556Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006498555Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006498554Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006498553Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006498552Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006498551Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.844{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006498550Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.829{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006498549Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.829{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006498548Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.829{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006498547Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.829{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006498546Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.829{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006498545Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.829{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006498543Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.829{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006498542Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.829{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006498541Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.829{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006498540Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.829{4DF467A6-42F8-613A-0DFB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006498524Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.376{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006498523Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.376{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006498520Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.261{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006498519Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.261{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006498518Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.261{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006498516Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006498514Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006498513Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006498512Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006498511Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006498510Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006498509Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006498508Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006498507Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006498506Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006498505Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006498504Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006498503Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006498502Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006498501Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006498500Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006498499Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006498498Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006498497Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006498496Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006498495Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006498494Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006498493Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006498492Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006498491Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006498490Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006498489Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006498488Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006498487Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006498486Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006498485Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006498484Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006498483Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006498481Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006498480Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.230{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006498479Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.230{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006498478Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.230{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006498652Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.675{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006498650Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.659{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006498649Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.659{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006498647Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006498646Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006498645Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006498643Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006498641Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006498640Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006498639Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006498638Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006498637Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006498636Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006498635Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006498634Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006498633Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006498632Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006498631Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006498630Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006498629Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006498628Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006498627Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006498626Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006498625Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006498624Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006498623Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006498622Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006498621Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.527{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006498620Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.527{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006498619Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.527{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006498618Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.527{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006498617Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.527{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006498616Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.527{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006498615Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.527{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006498614Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.527{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006498613Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.527{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006498612Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.527{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006498611Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.526{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006498610Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.526{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006498608Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.525{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006498607Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.525{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006498606Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.524{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006498605Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.524{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006498714Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.358{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006498713Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.358{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006498712Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.358{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006498710Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006498709Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006498708Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006498706Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006498704Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006498703Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006498702Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006498701Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006498700Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006498699Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006498698Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006498697Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006498696Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006498695Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006498694Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006498693Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006498692Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006498691Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006498690Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006498689Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006498688Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006498687Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006498686Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006498685Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006498684Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006498683Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006498682Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006498681Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006498680Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.227{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006498679Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.226{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006498678Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.226{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006498677Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.226{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006498676Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.226{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006498675Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.225{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006498674Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.225{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006498673Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.225{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006498671Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.224{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006498670Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.224{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006498669Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.223{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006498668Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:06.223{4DF467A6-42FA-613A-0FFB-00000000F001}7760C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006499362Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.479{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006499361Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.479{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006499360Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.479{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006499359Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006499358Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006499357Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006499355Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006499353Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006499352Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006499351Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006499350Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006499349Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006499348Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006499347Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006499346Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006499345Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006499344Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006499343Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006499342Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006499341Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006499340Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006499339Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006499338Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006499337Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006499336Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006499335Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006499334Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006499333Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006499332Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006499331Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006499330Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006499329Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006499328Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006499327Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.347{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006499326Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.347{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006499325Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.347{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006499324Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.347{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006499323Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.347{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006499322Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.347{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006499320Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.345{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006499319Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.345{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006499318Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.345{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006499317Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.344{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006499498Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.861{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006499496Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.861{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006499495Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.861{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006499494Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.744{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006499493Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.743{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006499492Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.743{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006499490Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.742{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006499488Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.741{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006499487Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.740{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006499486Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.740{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006499485Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.740{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006499484Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006499483Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006499482Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006499481Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006499480Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006499479Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006499478Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006499477Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006499476Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006499475Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006499474Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006499473Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006499472Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006499471Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006499470Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006499469Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006499468Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006499467Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006499466Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006499465Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006499464Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006499463Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006499462Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006499461Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006499460Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006499459Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006499458Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006499456Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006499455Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006499454Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006499453Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006499431Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.178{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006499429Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.178{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006499428Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.178{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006499426Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006499425Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006499424Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006499422Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006499420Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006499419Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006499418Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006499417Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006499416Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006499415Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006499414Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006499413Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006499412Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006499411Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006499410Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006499409Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006499408Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006499407Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006499406Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006499405Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006499404Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006499403Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006499402Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006499401Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006499400Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.046{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006499399Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.046{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006499398Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.046{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006499397Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.046{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006499396Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.046{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006499395Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.046{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006499394Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.045{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006499393Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.045{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006499392Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.045{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006499391Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.045{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006499390Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.045{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006499388Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.044{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006499387Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.043{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006499386Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.043{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006499385Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.043{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006499689Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006499688Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006499687Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36trueMicrosoft WindowsValid 734700x80000000000000006499686Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430DtrueMicrosoft WindowsValid 734700x80000000000000006499685Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\thumbcache.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Thumbnail CacheMicrosoft® Windows® Operating SystemMicrosoft Corporationthumbcache.dllMD5=C146766884A92B154F2EB38463F2263D,SHA256=48C5CC7760187EDB140A904D3AC5FD24F740973CDBA07962047859F84E7BEB9CtrueMicrosoft WindowsValid 734700x80000000000000006499682Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006499681Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValid 734700x80000000000000006499680Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006499679Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006499678Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006499677Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006499676Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006499674Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006499673Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006499672Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006499671Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006499670Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006499669Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006499668Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006499666Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006499665Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006499664Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006499663Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeMD5=DA63852A2B0340E94D74EAF0CD444979,SHA256=EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164EtrueMicrosoft WindowsValid 734700x80000000000000006499655Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.523{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006499654Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.523{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006499652Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006499651Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006499650Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006499648Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006499646Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006499645Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006499644Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006499643Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006499642Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006499641Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006499640Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006499639Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006499638Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006499637Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006499636Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006499635Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006499634Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006499633Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006499632Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006499631Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006499630Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006499629Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006499628Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006499627Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006499626Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006499625Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006499624Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006499623Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006499622Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006499621Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006499620Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006499619Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006499618Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006499617Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006499616Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006499615Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006499613Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006499612Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006499611Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006499610Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006499856Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.859{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006499855Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.859{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006499854Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.859{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006499853Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.743{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006499852Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.743{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006499851Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.743{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006499849Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.743{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006499847Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.743{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006499846Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.743{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006499845Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.743{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006499844Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.742{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006499843Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006499842Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006499841Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006499840Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006499839Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006499838Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006499837Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006499836Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006499835Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006499834Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006499833Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006499832Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006499831Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006499830Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006499829Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006499828Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006499827Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006499826Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006499825Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006499824Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006499823Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006499822Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006499821Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006499820Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006499819Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006499818Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006499817Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006499816Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006499815Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006499814Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006499813Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006499812Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006499810Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006499809Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006499808Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006499807Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.722{4DF467A6-4335-613A-16FB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006499767Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.222{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006499765Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.207{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006499764Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.207{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006499761Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.091{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006499759Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.091{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006499758Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.091{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006499756Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006499755Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006499753Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006499752Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006499751Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006499750Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006499749Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006499748Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006499747Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006499746Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006499745Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006499744Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006499743Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006499742Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006499741Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006499740Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006499739Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006499738Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006499737Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006499736Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006499735Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006499734Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006499733Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006499732Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006499731Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006499730Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006499729Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006499728Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006499727Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006499726Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006499725Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006499724Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006499723Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006499721Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006499720Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006499719Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006499718Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006499929Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.505{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006499928Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.505{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006499927Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.505{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006499926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.389{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006499925Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.389{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006499924Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.389{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006499922Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.389{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006499920Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006499919Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006499918Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006499917Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006499916Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006499915Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006499914Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006499913Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006499912Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006499911Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006499910Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006499909Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006499908Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006499907Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006499906Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006499905Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006499904Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006499903Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006499902Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006499901Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006499900Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006499899Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006499898Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006499897Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006499896Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006499895Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006499894Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006499893Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006499892Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006499891Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006499890Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006499889Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006499887Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006499886Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006499885Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006499884Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006499971Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:08.870{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\mydocs.dll10.0.14393.4169 (rs1_release.210107-1130)My Documents Folder UIMicrosoft® Windows® Operating SystemMicrosoft Corporationmydocs.dllMD5=999FD44CF5713852E6083A43A7917761,SHA256=D5C75951C29B7F0AAA4EC9E9AB3195933E650C1F171092F389FD4DB66CA1CA20trueMicrosoft WindowsValid 734700x80000000000000006499969Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:08.870{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\sendmail.dll10.0.14393.4169 (rs1_release.210107-1130)Send MailMicrosoft® Windows® Operating SystemMicrosoft CorporationSENDMAIL.DLLMD5=04626525E567811FC7ECB3E31D94F8B0,SHA256=678A3A9DD713DC61F72112BD3160B8753F1A50D1179FDFABD265C32103980A6AtrueMicrosoft WindowsValid 734700x80000000000000006500035Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:11.352{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\wpdshext.dll10.0.14393.4169 (rs1_release.210107-1130)Portable Devices Shell ExtensionMicrosoft® Windows® Operating SystemMicrosoft CorporationWpdShExt.dllMD5=CEB555E9099888316A1E2ADE83BA82BF,SHA256=4110FFD5F08100D1F6E1005E2907460E40B3221A0833B821BE291657416E89F0trueMicrosoft WindowsValid 734700x80000000000000006500654Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.828{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\directmanipulation.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Direct Manipulation ComponentMicrosoft® Windows® Operating SystemMicrosoft Corporationdirectmanipulation.dllMD5=EA7CE188E0D1E66C361C8B87304EACDE,SHA256=9ADCA2B7554173A0FD8833F65935C151B09A5D790F46E9EC4EE25E9622F1159AtrueMicrosoft WindowsValid 734700x80000000000000006500653Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.828{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\sxs.dll10.0.14393.4169 (rs1_release.210107-1130)Fusion 2.5Microsoft® Windows® Operating SystemMicrosoft CorporationSXS.DLLMD5=54FB18CA661D074CBB60D5A58D40C8D3,SHA256=A2BD6160222A216F8A6830C1273662F8AE88F53D2CE6DA5893FF70D146A0A2B0trueMicrosoft WindowsValid 734700x80000000000000006500640Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.791{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\msvcp110_win.dll10.0.14393.2007 (rs1_release.171231-1800)Microsoft® STL110 C++ Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp110_win.dllMD5=BFB390484F611C21582AD11E4C6ADEF2,SHA256=30B5AD268C022FCA2AACAE2CB6E4DC36F6A01C16A006046BB4417CEA96DA4F5AtrueMicrosoft WindowsValid 734700x80000000000000006500614Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.791{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\policymanager.dll10.0.14393.4169 (rs1_release.210107-1130)Policy Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPolicyManager.dllMD5=58677E3FBF7D29109E8EB578062F1C81,SHA256=F751521EBC10CC1F0BC6AAB2715B9169439A014F178A7D6880080567D880C103trueMicrosoft WindowsValid 734700x80000000000000006500613Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.791{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\thumbcache.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Thumbnail CacheMicrosoft® Windows® Operating SystemMicrosoft Corporationthumbcache.dllMD5=C146766884A92B154F2EB38463F2263D,SHA256=48C5CC7760187EDB140A904D3AC5FD24F740973CDBA07962047859F84E7BEB9CtrueMicrosoft WindowsValid 734700x80000000000000006500608Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.775{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\oleacc.dll7.2.14393.4169 (rs1_release.210107-1130)Active Accessibility Core ComponentMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEACC.DLLMD5=1B04659F0A22BFE9142B6AD36467ACEA,SHA256=67BC7C19D71FB98A7B5882B0F2BFC8F2E4491B4ACBE23EE545D54FFCAEC808E9trueMicrosoft WindowsValid 734700x80000000000000006500588Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.791{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\WindowsCodecs.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Windows Codecs LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationWindowsCodecsMD5=B791899A46FD151559658F4F86C3C6F5,SHA256=E559B36A3CC2261C16916F2D49FA351DC4E21E5EC581AC43547ABA16F70CDA7EtrueMicrosoft WindowsValid 734700x80000000000000006500579Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.775{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\edputil.dll10.0.14393.2608 (rs1_release.181024-1742)EDP utilMicrosoft® Windows® Operating SystemMicrosoft CorporationEDPUTIL.DLLMD5=75AC86B00CE4C64B02B105A55CA35628,SHA256=DB31A2345E3BB8DC79BFB4CC29615E3B8B7638AE80BFEC45FA57852669A592AEtrueMicrosoft WindowsValid 734700x80000000000000006500576Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.775{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\UIAnimation.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Animation ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationUIAnimation.DLLMD5=7F8B0CD5AB8C3E677B98400A2E7C3A75,SHA256=D49C09FBF9BD077A81CB9DA8DE09D2EB1835BCF5F0153373DCE6B484A0F64227trueMicrosoft WindowsValid 734700x80000000000000006500551Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.775{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\dcomp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft DirectComposition LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationdcomp.dllMD5=40873566DBFF13981CA1AE23AC281C5D,SHA256=E52C4619C837358454B969D31E2E14ACDEDABB384272D48C03E4F0AF9A2C2B6EtrueMicrosoft WindowsValid 734700x80000000000000006500539Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.775{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\ResourcePolicyClient.dll10.0.14393.3808 (rs1_release.200707-2105)Resource Policy ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationResourcePolicyClient.dllMD5=8FD5FEFE4E020BBC2D95F07BCDC84F71,SHA256=E5E351822CCDEBF81C47C4CA1D5C158E2880C1BD29CA024D163FD9316F3046AEtrueMicrosoft WindowsValid 734700x80000000000000006500538Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.760{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\BCP47Langs.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)BCP47 Language ClassesMicrosoft® Windows® Operating SystemMicrosoft CorporationBCP47Lang.dllMD5=F688C2B9DD2EB56C3B0312B6380338AA,SHA256=B22DB210486D3B5F4EEB17900C5E7AA0EEFEDBB068A0C4858EFE9F8018C34628trueMicrosoft WindowsValid 734700x80000000000000006500524Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.775{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\d3d10warp.dll10.0.14393.2608 (rs1_release.181024-1742)Direct3D 10 RasterizerMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10Warp.dllMD5=B69F0419A16A616FE2D779EC98CD7FB9,SHA256=2D10B43F2137433E48A009227487C691E312D186691485D33B4FDF90D8423C9DtrueMicrosoft WindowsValid 734700x80000000000000006500522Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.775{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=3C32D763740C83DB2C44DEA4B6F18C54,SHA256=ED26DBB9C3656767CA25887CDC3B45CF978AFC75E064FF5457A36C7A69E55223trueMicrosoft WindowsValid 734700x80000000000000006500521Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.775{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=F940A91B13592184F228ECC14D8D9358,SHA256=2BC05A4D09CDBAB8DB5F767DC95F31B2CA324928A94F004C7C2968E3E9E635E2trueMicrosoft WindowsValid 734700x80000000000000006500516Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.760{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\duser.dll10.0.14393.0 (rs1_release.160715-1616)Windows DirectUser EngineMicrosoft® Windows® Operating SystemMicrosoft CorporationDUser.DLLMD5=42D5E1F8641E9DCEE0D8751F6F7A8961,SHA256=9168110EF404BF179888AF4A0F02B2817F020BFB16351778F2DDD6915C92F190trueMicrosoft WindowsValid 734700x80000000000000006500495Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.760{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\DWrite.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=1875083243EE498D0B2BB6B025AD7520,SHA256=A3FA592126642537BF6F0E4E9750A43A899525FE616DE899ABD7F26A9E7620C4trueMicrosoft WindowsValid 734700x80000000000000006500493Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.760{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\msctf.dll10.0.14393.4530 (rs1_release.210705-0736)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=E2374A214A9F0C8347C29EBDE3447986,SHA256=F2260FE7E0C4E92D49CF0F550E2A1B3D3F1D2D76E6F5C8F16B0E16B6117D9EE1trueMicrosoft WindowsValid 734700x80000000000000006500488Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.728{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176trueMicrosoft WindowsValid 734700x80000000000000006500466Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.744{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\dui70.dll10.0.14393.4169 (rs1_release.210107-1130)Windows DirectUI EngineMicrosoft® Windows® Operating SystemMicrosoft CorporationDUI70.DLLMD5=C3DC010AC7F5880CC7BE626566FC4130,SHA256=3ED6E9D0AF769B0BFBE94DFF4CC07A94A81271133FBB60C9EB02676C92FFB87EtrueMicrosoft WindowsValid 734700x80000000000000006500463Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.728{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\Windows.UI.Immersive.dll10.0.14393.4583 (rs1_release.210730-1850)WINDOWS.UI.IMMERSIVEMicrosoft® Windows® Operating SystemMicrosoft CorporationWINDOWS.UI.IMMERSIVE.dllMD5=C3ABC6F71036CD4F4FD947774D2B12F0,SHA256=F747F8236190DD21A19554C97D8C027C6A5EC080EF327CCD6E8359E1B164E32EtrueMicrosoft WindowsValid 734700x80000000000000006500431Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.744{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84BtrueMicrosoft WindowsValid 734700x80000000000000006500430Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.728{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\UIAutomationCore.dll7.2.14393.4169 (rs1_release.210107-1130)Microsoft UI Automation CoreMicrosoft® Windows® Operating SystemMicrosoft CorporationUIAutomationCore.dllMD5=9B2DCFE11EEBDDC18A8F5964E04E64A0,SHA256=5CBC5B45B9EB5B4EF1360005CD675D20D7EE9FE588DA24543FF7C9ACB88317FFtrueMicrosoft WindowsValid 734700x80000000000000006500416Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.707{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\OneCoreCommonProxyStub.dll10.0.14393.2395 (rs1_release_inmarket.180714-1932)OneCore Common Proxy StubMicrosoft® Windows® Operating SystemMicrosoft CorporationOneCoreCommonProxyStub.dllMD5=02CEC1566FB0709923FF7A9FEC254D96,SHA256=81BED60AEB79C489E9F79996A3F0AB626E6CA247EBB656B6B9897C47A39F6AFBtrueMicrosoft WindowsValid 734700x80000000000000006500388Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.691{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19trueMicrosoft WindowsValid 734700x80000000000000006500344Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.660{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899trueMicrosoft WindowsValid 734700x80000000000000006500323Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.660{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CAtrueMicrosoft WindowsValid 734700x80000000000000006500300Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.691{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006500299Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.691{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\WinTypes.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Base Types DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWinTypes.dllMD5=9F209F29ABFF007F55328BCC36367005,SHA256=7F2CBE9B349062DFD782032D50C335E6C292EC5F509746941982A7161F24ED84trueMicrosoft WindowsValid 734700x80000000000000006500298Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.691{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\WinTypes.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Base Types DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWinTypes.dllMD5=9F209F29ABFF007F55328BCC36367005,SHA256=7F2CBE9B349062DFD782032D50C335E6C292EC5F509746941982A7161F24ED84trueMicrosoft WindowsValid 734700x80000000000000006500297Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.691{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750AtrueMicrosoft WindowsValid 734700x80000000000000006500296Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.691{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\twinui.dll10.0.14393.4530 (rs1_release.210705-0736)TWINUIMicrosoft® Windows® Operating SystemMicrosoft CorporationTWINUI.dllMD5=F15DB5648B67AF232484A125712E518B,SHA256=A0E7EA737137B18751C52E86E51A13DB2D527265EB017FA3072746903FD9BF01trueMicrosoft WindowsValid 734700x80000000000000006500292Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.660{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\windows.storage.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=1D7997E3AFC26B85024D33F835E18056,SHA256=B2376967E156D4971FB66059F6367030AF937943D2EBF80AF856E643B6E95BBFtrueMicrosoft WindowsValid 734700x80000000000000006500270Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.691{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36trueMicrosoft WindowsValid 734700x80000000000000006500269Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.691{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006500268Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.691{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006500267Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.691{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\actxprxy.dll10.0.14393.3808 (rs1_release.200707-2105)ActiveX Interface Marshaling LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationActXPrxy.dllMD5=087C47C19BBFCB9F4932C03C0189E86B,SHA256=9BEE35FBFA2E595372D82E8858BE46CE7717E0399996960398BC238F4D0E5207trueMicrosoft WindowsValid 734700x80000000000000006500266Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.691{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006500264Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.675{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006500261Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.675{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006500260Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.675{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValid 734700x80000000000000006500259Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.675{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5trueMicrosoft WindowsValid 734700x80000000000000006500258Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.660{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006500257Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.660{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006500256Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.660{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006500255Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.660{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575trueMicrosoft WindowsValid 734700x80000000000000006500253Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.660{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704trueMicrosoft WindowsValid 734700x80000000000000006500252Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.644{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\shell32.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=837B8644B9CE47EC28152E7D764886E0,SHA256=C5BA64473FB38E6B4592EAFA642AF82715CBC676190985D8D8D4150CE840044FtrueMicrosoft WindowsValid 734700x80000000000000006500251Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.644{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006500250Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.644{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006500249Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.644{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006500248Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.644{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006500245Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.644{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430DtrueMicrosoft WindowsValid 734700x80000000000000006500241Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.644{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\OpenWith.exe10.0.14393.4169 (rs1_release.210107-1130)Pick an appMicrosoft® Windows® Operating SystemMicrosoft CorporationOpenWith.exeMD5=196A5E5EF42F8CADACD75FAF17E18689,SHA256=8E9759AE4C7644BC975A2A33BC9E4D17C39B4D6DAAE19F7401181C05DC9D1B90trueMicrosoft WindowsValid 734700x80000000000000006500233Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.644{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006500222Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.644{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006500220Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.644{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006500219Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.644{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006500218Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.644{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006500216Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.644{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006500215Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.644{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006500213Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:16.644{4DF467A6-4340-613A-18FB-00000000F001}5168C:\Windows\System32\OpenWith.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006500993Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.984{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750AtrueMicrosoft WindowsValid 734700x80000000000000006500973Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.984{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\sppc.dll10.0.14393.67 (rs1_release.160804-2231)Software Licensing Client DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsppc.dllMD5=7CF84329545035CC0833119C7268A620,SHA256=49E3FA8B9F9ACB1A2CEDE37970361316C93286CEE7F70DE5985E7135498A4210trueMicrosoft WindowsValid 734700x80000000000000006500972Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.984{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\slc.dll10.0.14393.67 (rs1_release.160804-2231)Software Licensing Client DllMicrosoft® Windows® Operating SystemMicrosoft Corporationslc.dllMD5=060E11DCB875D981E948073986E295DC,SHA256=30858EA58F24537CC3369091F92AD70C59877BDB1FDF8DEC7762A7AB72DDE885trueMicrosoft WindowsValid 734700x80000000000000006500970Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.968{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=3C32D763740C83DB2C44DEA4B6F18C54,SHA256=ED26DBB9C3656767CA25887CDC3B45CF978AFC75E064FF5457A36C7A69E55223trueMicrosoft WindowsValid 734700x80000000000000006500944Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.968{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ResourcePolicyClient.dll10.0.14393.3808 (rs1_release.200707-2105)Resource Policy ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationResourcePolicyClient.dllMD5=8FD5FEFE4E020BBC2D95F07BCDC84F71,SHA256=E5E351822CCDEBF81C47C4CA1D5C158E2880C1BD29CA024D163FD9316F3046AEtrueMicrosoft WindowsValid 734700x80000000000000006500940Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.968{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\winsta.dll10.0.14393.0 (rs1_release.160715-1616)Winstation LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationwinsta.dllMD5=12668CEFEE3754CFA61C5699821668B3,SHA256=D0C81619EDE8B846D98417989684EF16DF3A053CC049C7281E40F3359AD5B570trueMicrosoft WindowsValid 734700x80000000000000006500937Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.968{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msctf.dll10.0.14393.4530 (rs1_release.210705-0736)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=E2374A214A9F0C8347C29EBDE3447986,SHA256=F2260FE7E0C4E92D49CF0F550E2A1B3D3F1D2D76E6F5C8F16B0E16B6117D9EE1trueMicrosoft WindowsValid 734700x80000000000000006500934Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.968{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006500933Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.953{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\d2d1.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft D2D LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationd2d1MD5=E15A420D82314AF63973D7D0AB3BA2DD,SHA256=C264B2FA1F3E67E558E2671807C06270926EF456F4FF83F1F9859B18184F187EtrueMicrosoft WindowsValid 734700x80000000000000006500929Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.953{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msi.dll5.0.14393.4530Windows InstallerWindows Installer - UnicodeMicrosoft Corporationmsi.dllMD5=4479EEB5C5400D4C084274BA015750FA,SHA256=6B30AE7147132038E603EEB2D35C35BB3D03EC5AFA560D31969E2D39A44ACDCDtrueMicrosoft WindowsValid 734700x80000000000000006500926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.937{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5trueMicrosoft WindowsValid 734700x80000000000000006500924Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.921{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO.DLL16.0.13801.20796Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMSO.dllMD5=DEAB06C2DDF8959448455176D2A1754E,SHA256=49708B1D39D76B2E9F096B95BCB30B6601D3B5C8E1D84830740EC25FE8F38F39trueMicrosoft CorporationValid 734700x80000000000000006500923Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.921{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wtsapi32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Remote Desktop Session Host Server SDK APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationwtsapi32.dllMD5=D0DB3DD09FB2B4ADABF4E719FAFC4EB9,SHA256=8B7C056B5F4AB604ED5077A39C63CE1B5A34929DE76DA4A3C54D6E648D123BABtrueMicrosoft WindowsValid 734700x80000000000000006500922Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.921{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36trueMicrosoft WindowsValid 734700x80000000000000006500921Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.921{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso98win32client.dll16.0.13801.20808Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMso98Win32Client.dllMD5=58F3352E3A0867817F759EA7940F2E10,SHA256=86AFDD63CFCA5B03D5265A2828F073CA401FE00B555B40AD9A0F7A193E200315trueMicrosoft CorporationValid 734700x80000000000000006500914Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wevtapi.dll10.0.14393.3053 (rs1_release_inmarket.190612-1836)Eventing Consumption and Configuration APIMicrosoft® Windows® Operating SystemMicrosoft Corporationwevtapi.dllMD5=E0D1C6AC18800339A2EC1134A7C899ED,SHA256=E4340ACB47A202B1BFCE678C44BA5B0B171E388021B0B7D0CED19A55AD9712E1trueMicrosoft WindowsValid 734700x80000000000000006500910Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.918{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso50win32client.dll16.0.13801.20442Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMso50Win32Client.dllMD5=AF5E26C38079AF31CCAA732B6A351A0D,SHA256=C0BBDC787DCD21EF78B89B6C18C81A1ECC8F5B4D3C4E2F412525FD70039E667DtrueMicrosoft CorporationValid 734700x80000000000000006500895Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.915{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso40UIwin32client.dll16.0.13801.20840Microsoft Office componentMicrosoft OfficeMicrosoft Corporationmso40uiWin32Client.dllMD5=42CCB21CAB1B66AA9C7FF859A4BED97B,SHA256=76EFA67F0B7EA66DEAB42DB051DBCBA4B05EC04032B1D8AAE5E7761D7C6CA24FtrueMicrosoft CorporationValid 734700x80000000000000006500893Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso30win32client.dll16.0.13801.20840Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMso30Win32Client.dllMD5=F4FDCEA65C429F01EEC45163F005B5E3,SHA256=F3FF96E7EBF9E4BB43170456395F09C1DAB832B1F66EBFAFF5EF54344DB929D5trueMicrosoft CorporationValid 734700x80000000000000006500892Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ntasn1.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft ASN.1 APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntasn1.dllMD5=A45B23E8D2623CE3F760377766AF3E24,SHA256=E0A8F5055CD9E2AF029B8537E09EFFAF1F46C724CB720A6395DCF563EF70B843trueMicrosoft WindowsValid 734700x80000000000000006500881Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006500871Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ncrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows NCrypt RouterMicrosoft® Windows® Operating SystemMicrosoft Corporationncrypt.dllMD5=025DBE9D0F7AE719C64DE3A4555A7C0A,SHA256=1A223828A444E7797A9E00632DAE81AC3AC68B38786E67912B1C3FC6118FB6B4trueMicrosoft WindowsValid 734700x80000000000000006500866Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006500865Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\RstrtMgr.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Restart ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationRstrtMgr.dllMD5=F14EA4521A8C000F1165581B5837355E,SHA256=6CB383C1FFB8AB7301B1666EEA83FD484EA049147C834725894652DB20D28359trueMicrosoft WindowsValid 734700x80000000000000006500863Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242trueMicrosoft WindowsValid 734700x80000000000000006500862Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FAtrueMicrosoft WindowsValid 734700x80000000000000006500861Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.884{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cryptui.dll10.0.14393.3321 (rs1_release.191016-1811)Microsoft Trust UI ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationCRYPTUI.DLLMD5=7BA8C29986BA103E2353D405DCCB87D7,SHA256=E9FFD440B5318D65AC2A38125CC417C8F34C6344CA8D9251A8ABE74D14C518B8trueMicrosoft WindowsValid 734700x80000000000000006500860Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.884{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso20win32client.dll16.0.13801.20840Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMso20Win32Client.dllMD5=33E67D19ED73BD77FAB770F3677363E0,SHA256=3A7198AC7F995AE9FCA91372AFC3719C04417D638EE37EAA3162DE0A99F0F6B9trueMicrosoft CorporationValid 734700x80000000000000006500859Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.884{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5trueMicrosoft WindowsValid 734700x80000000000000006500858Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.884{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.4530_none_aec97a71ddd5fa56\GdiPlus.dll10.0.14393.4530 (rs1_release.210705-0736)Microsoft GDI+Microsoft® Windows® Operating SystemMicrosoft CorporationgdiplusMD5=D1F325FD8BA2F0AA9F853CB05DBDE6F6,SHA256=ED1FDCE716A2D5E0703DEBAE0E272BAA49C750B31773E9C0ADFCF5F9758F9350trueMicrosoft WindowsValid 734700x80000000000000006500857Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.884{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\OART.DLL16.0.13801.20688Microsoft OfficeArtMicrosoft OfficeMicrosoft CorporationOART.DLLMD5=A4816E74F5F4F3A1D9B6637EB47C8B23,SHA256=9447582F286D97A4707BB8A6847398637D742E5ED653804EE94E495E3E3BF339trueMicrosoft CorporationValid 734700x80000000000000006500856Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.884{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\WWLIB.DLL16.0.13801.20854Microsoft WordMicrosoft OfficeMicrosoft Corporationwwlib.dllMD5=88AD4C5ED7EE51A82DDB8DF471E749B6,SHA256=E21BE93D40924965E74C6D1619F3C9AEE1FE09F535C8260B61387984DF55BC2DtrueMicrosoft CorporationValid 734700x80000000000000006500804Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.853{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValid 734700x80000000000000006500803Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84BtrueMicrosoft WindowsValid 734700x80000000000000006500802Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899trueMicrosoft WindowsValid 734700x80000000000000006500801Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430DtrueMicrosoft WindowsValid 734700x80000000000000006500800Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006500799Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CAtrueMicrosoft WindowsValid 734700x80000000000000006500798Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575trueMicrosoft WindowsValid 734700x80000000000000006500797Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\windows.storage.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=1D7997E3AFC26B85024D33F835E18056,SHA256=B2376967E156D4971FB66059F6367030AF937943D2EBF80AF856E643B6E95BBFtrueMicrosoft WindowsValid 734700x80000000000000006500796Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704trueMicrosoft WindowsValid 734700x80000000000000006500795Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006500794Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\shell32.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=837B8644B9CE47EC28152E7D764886E0,SHA256=C5BA64473FB38E6B4592EAFA642AF82715CBC676190985D8D8D4150CE840044FtrueMicrosoft WindowsValid 734700x80000000000000006500793Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006500792Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006500791Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006500790Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\msvcp140.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=F60E0D8C88242FE8CA38A8562685F231,SHA256=254F5CDE2DEF2BF3941F746E4902A36F5169BF73AE9E258E49BC1FEF7B26EC99trueMicrosoft CorporationValid 734700x80000000000000006500789Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006500788Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006500785Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\vcruntime140.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=766F0D18983E0810882FBA122AD1163E,SHA256=F10EF6DE6C651DB42DBD455A1C674047862CEBF6CCCE1F784CDB0571C9EA9757trueMicrosoft CorporationValid 734700x80000000000000006500781Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006500780Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006500779Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\vcruntime140_1.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=74B5641A50C27B57ED0DA622E66A239E,SHA256=A571D26E536D4F7DA93ACC24EDB1D823140B660795576DC27F626F1889106D36trueMicrosoft CorporationValid 734700x80000000000000006500778Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006500777Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006500776Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll16.0.13801.20634Microsoft Office componentMicrosoft OfficeMicrosoft Corporationc2r64.dllMD5=89F83DB0358154696068C1A1A2C48B76,SHA256=97A0AC1E7CF73E000BC13BF560BA088C79797604E5E64F21B6DB843CD16742FFtrueMicrosoft CorporationValid 734700x80000000000000006500774Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006500773Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006500772Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll10.0.19041.1074 (WinBuild.160101.0800)Client Virtualization SubsystemsMicrosoft® Windows® Operating SystemMicrosoft CorporationAppVISVSubsystems64.dllMD5=90B77DF9501D41C1FC3B9B08BF739CBD,SHA256=B767361DEEBE62459AD8D6124C9E94B0A20F09EA1C53F6111B7B71252B703A04trueMicrosoft CorporationValid 734700x80000000000000006500771Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006500769Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006500764Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006500763Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006500757Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006500756Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE16.0.13801.20864Microsoft WordMicrosoft OfficeMicrosoft CorporationWinWord.exeMD5=11F7D49A44E922C3BB0B426211F44E66,SHA256=025784F40F20654C264D060B1BA77066CF04BC56F6F2324E56372704FC4EC499trueMicrosoft CorporationValid 734700x80000000000000006500749Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vcruntime140_1.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=74B5641A50C27B57ED0DA622E66A239E,SHA256=A571D26E536D4F7DA93ACC24EDB1D823140B660795576DC27F626F1889106D36trueMicrosoft CorporationValid 734700x80000000000000006500748Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp140.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=F60E0D8C88242FE8CA38A8562685F231,SHA256=254F5CDE2DEF2BF3941F746E4902A36F5169BF73AE9E258E49BC1FEF7B26EC99trueMicrosoft CorporationValid 734700x80000000000000006500747Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.822{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vcruntime140.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=766F0D18983E0810882FBA122AD1163E,SHA256=F10EF6DE6C651DB42DBD455A1C674047862CEBF6CCCE1F784CDB0571C9EA9757trueMicrosoft CorporationValid 734700x80000000000000006500746Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.822{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll16.0.13801.20442Microsoft Office Shell Extension HandlersMicrosoft OfficeMicrosoft Corporationmsoshext.dllMD5=08AB004F0278B5B461F732D7740A5874,SHA256=A8C1819BFD9FAD66B3360E7757F63A18E1C7D961217B01DBD7C0764217D4027CtrueMicrosoft CorporationValid 734700x80000000000000006501873Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.983{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\biwinrt.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Background Broker InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationbiwinrt.dllMD5=1774BAC67716351387E5F11635DEED8D,SHA256=74F9B4190CFFADCE3ED3F61D4FD6A4F7CCC6EE0F42E3452D018E8160ECB3BE1FtrueMicrosoft WindowsValid 734700x80000000000000006501847Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.983{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\fwbase.dll10.0.14393.0 (rs1_release.160715-1616)Firewall Base DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationfwbase.dllMD5=216C0DC7BEBD19C616A7BCE54F57F70C,SHA256=2305E780D161A736DB237727AC78EC1D2462793FD5013D126621B4BBBB16D743trueMicrosoft WindowsValid 734700x80000000000000006501844Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.983{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\FirewallAPI.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Firewall APIMicrosoft® Windows® Operating SystemMicrosoft CorporationFirewallAPI.DLLMD5=C7DD193AFCCF63B97C559993608EDAF0,SHA256=26E7628E9C65352F730F38D7BF32A845CC1CAEEC034152B1CDE85F9B89D1A6DCtrueMicrosoft WindowsValid 734700x80000000000000006501841Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.983{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\Windows.Networking.HostName.dll10.0.14393.4169 (rs1_release.210107-1130)Windows.Networking.HostName DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Networking.HostName.dllMD5=8DF028D66876592B54CEF5631E727C2E,SHA256=C16C85F3D505EDE6F2566DF7140171F5AB4A71DDDEEDC653D846D3954AA8E99AtrueMicrosoft WindowsValid 734700x80000000000000006501839Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.983{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\Windows.Networking.Connectivity.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Networking Connectivity Runtime DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Networking.Connectivity.dllMD5=7934F613774F04B5BFD097B3D77F81FB,SHA256=E1A32AADFED0859269C89D4E1C961D3BC8EA2A5FA86487C9817BB52899E0F60EtrueMicrosoft WindowsValid 734700x80000000000000006501836Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.983{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\Windows.Networking.dll10.0.14393.4169 (rs1_release.210107-1130)Windows.Networking DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Networking.dllMD5=79801C7A91F51A659B0BBA4E80FFFA6B,SHA256=A261D0F4572FAE532461712C90129E14682B09FA651742DBD856F28430586CA7trueMicrosoft WindowsValid 734700x80000000000000006501827Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.936{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1CtrueMicrosoft WindowsValid 734700x80000000000000006501803Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.936{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87trueMicrosoft WindowsValid 734700x80000000000000006501778Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.936{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL10.0.17763.1 (WinBuild.160101.0800)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoft CorporationDBGHELP.DLLMD5=3AD4BA5FD42E006E38D60AC93FD882E1,SHA256=502593C125B3DCF31D4565FCA6CF49E75233E1D6F3A7DEF2E2E2431E2501D349trueMicrosoft CorporationValid 734700x80000000000000006501776Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.936{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\v8jsi.dll0.63.1.8_5_210_20React Native V8 JSI AdapterReact Native V8 JSI AdapterMicrosoftv8jsi.dllMD5=A0BC9DBA90FC6D10B7618702FB67EC58,SHA256=2A6EBAA66D27F565E4008619D680DF1F2F13E77C2155F658B29F841B9D49AE51trueMicrosoft CorporationValid 734700x80000000000000006501774Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.936{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\react-native-win32.dll0.62.22React-Native-WindowsReact-Native-WindowsMicrosoftreact-native-win32.dllMD5=398277435FAC13143749320A60428DC8,SHA256=0576D3C166CF04F52BA9913A75FF14D77AF755D5285D7E7D64550BA432DBA932trueMicrosoft CorporationValid 734700x80000000000000006501745Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.883{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006501742Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.883{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006501741Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.883{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006501736Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006501735Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006501734Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242trueMicrosoft WindowsValid 734700x80000000000000006501733Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006501732Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006501731Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006501730Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006501729Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\webservices.dll10.0.14393.2312 (rs1_release.180607-1919)Windows Web Services RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationWebServices.dllMD5=3EE43755685D59060FAC0E2F09D67686,SHA256=BF80D9B840C28BC4E8FE9A4E6DBCCCAEE37A108F83428ABA1DD780D5312369D8trueMicrosoft WindowsValid 734700x80000000000000006501727Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006501725Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006501724Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FAtrueMicrosoft WindowsValid 734700x80000000000000006501723Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006501722Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006501721Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006501719Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006501718Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\xmllite.dll10.0.14393.3143 (rs1_release.190725-1725)Microsoft XmlLite LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationXmlLite.dllMD5=64E301CCFADF34810ADA8DE9DBC7720F,SHA256=6EAE1E0E610793C7DF2B27795553F377D2C4126CF74D8EE4A84DE3C3150871F8trueMicrosoft WindowsValid 734700x80000000000000006501716Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006501715Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006501714Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\cryptxml.dll10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)XML DigSig APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptxml.dllMD5=2D8B5120841F9D57D81B417B8033051F,SHA256=10896E3FBB656A1FD76CB636510A8501B12068C653BC27FAA4DD8DC89ED7AE4AtrueMicrosoft WindowsValid 734700x80000000000000006501712Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006501710Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006501709Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006501708Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006501707Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006501702Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.852{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006501700Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.852{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006501699Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.852{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006501697Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.852{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\sppsvc.exe10.0.14393.4530 (rs1_release.210705-0736)Microsoft Software Protection Platform ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationsppsvc.exeMD5=280B8B6A6CD8A833284EA11425EE5396,SHA256=FD9A147C6649AC20CBC7C74DC431866468D2E4183ED7B876F7E336382DCC6A40trueMicrosoft WindowsValid 734700x80000000000000006501688Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.820{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\D3DCompiler_47.dll10.0.14393.3930 (rs1_release.200901-1914)Direct3D HLSL CompilerMicrosoft® Windows® Operating SystemMicrosoft Corporationd3dcompiler_47.dllMD5=6C441F5AD6724D68B27D9928C6C1170D,SHA256=EEA0AE3BDCEF59AF62F471E90C489044B8DB55BFF6377231E002A70AB1F8CF73trueMicrosoft WindowsValid 734700x80000000000000006501676Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.652{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\globinputhost.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows Globalization Extension API for InputMicrosoft® Windows® Operating SystemMicrosoft Corporationglobinputhost.dllMD5=B92070EB12AF4C292155EBB155A0B6C3,SHA256=F155CFD56DC7199F16377259C55C0E8A26662A81588264F01D0E1F1387721DDCtrueMicrosoft WindowsValid 734700x80000000000000006501673Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.652{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\BCP47Langs.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)BCP47 Language ClassesMicrosoft® Windows® Operating SystemMicrosoft CorporationBCP47Lang.dllMD5=F688C2B9DD2EB56C3B0312B6380338AA,SHA256=B22DB210486D3B5F4EEB17900C5E7AA0EEFEDBB068A0C4858EFE9F8018C34628trueMicrosoft WindowsValid 734700x80000000000000006501672Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.652{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\Windows.Globalization.dll10.0.14393.4467 (rs1_release.210604-1844)Windows GlobalizationMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Globalization.dllMD5=4D2537567A93ABF1D93CB7A7E76F954C,SHA256=5740181B56927C0DC66A6BCECA15EA2806A0ED471A01F785AD47C8C73A1DF85FtrueMicrosoft WindowsValid 734700x80000000000000006501647Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.568{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\edputil.dll10.0.14393.2608 (rs1_release.181024-1742)EDP utilMicrosoft® Windows® Operating SystemMicrosoft CorporationEDPUTIL.DLLMD5=75AC86B00CE4C64B02B105A55CA35628,SHA256=DB31A2345E3BB8DC79BFB4CC29615E3B8B7638AE80BFEC45FA57852669A592AEtrueMicrosoft WindowsValid 734700x80000000000000006501646Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.568{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cscapi.dll10.0.14393.0 (rs1_release.160715-1616)Offline Files Win32 APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcscapi.dllMD5=6433F8201BFB449DC6B47F6999C2F164,SHA256=06729F1E0A0596620B48B6DC4A2CC9CC5FE55B17BD488C71F7F15AA4262C8C14trueMicrosoft WindowsValid 734700x80000000000000006501645Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.568{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cryptnet.dll10.0.14393.2035 (rs1_release_inmarket.180110-1910)Crypto Network Related APIMicrosoft® Windows® Operating SystemMicrosoft CorporationCRYPTNET.DLLMD5=C826D7EA2E1A6884120676A0A3CBC714,SHA256=B4EFCCA21ADC0FF2FD3505DD9F9F6D6F66CFF229FE21D97DFEF19F1D485769A0trueMicrosoft WindowsValid 734700x80000000000000006501643Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.568{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ntshrui.dll10.0.14393.4169 (rs1_release.210107-1130)Shell extensions for sharingMicrosoft® Windows® Operating SystemMicrosoft Corporationntshrui.dllMD5=E996A5D4EA7754FF1B0411F0B1664603,SHA256=B2DA0AC549C551A2CAF0714EF3B344C33943292FB1FA9F2EEFA706B6FF18F1A2trueMicrosoft WindowsValid 734700x80000000000000006501635Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.568{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\linkinfo.dll10.0.14393.0 (rs1_release.160715-1616)Windows Volume TrackingMicrosoft® Windows® Operating SystemMicrosoft CorporationLINKINFO.DLLMD5=4CE9B67A187310E37E535FC4165E0933,SHA256=469B33A5DDAA93D28F66AE6D6956268F6F2F09F146734D00A931FBDD1D87DE42trueMicrosoft WindowsValid 734700x80000000000000006501612Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.536{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\DataExchange.dll10.0.14393.4169 (rs1_release.210107-1130)Data exchangeMicrosoft® Windows® Operating SystemMicrosoft CorporationDataExchange.dllMD5=23F499FA8F8E02A8090FB78E80617BDD,SHA256=08C2E505F3765D98379BB88DC8AD5555AB680A691054933FCA1A2CFCDFA42F51trueMicrosoft WindowsValid 734700x80000000000000006501587Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.536{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dcomp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft DirectComposition LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationdcomp.dllMD5=40873566DBFF13981CA1AE23AC281C5D,SHA256=E52C4619C837358454B969D31E2E14ACDEDABB384272D48C03E4F0AF9A2C2B6EtrueMicrosoft WindowsValid 734700x80000000000000006501585Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.521{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\PhotoMetadataHandler.dll10.0.14393.4169 (rs1_release.210107-1130)Photo Metadata HandlerMicrosoft® Windows® Operating SystemMicrosoft CorporationPhotoMetadataHandler.dllMD5=6FB0850ABAD1E8FDD1F662FCF819262C,SHA256=3EFCA956A159AE40CE292607EC59E4D258BDE13EAB51AFEF270FE55154CFA26EtrueMicrosoft WindowsValid 734700x80000000000000006501583Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.521{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\usp10.dll10.0.14393.3321 (rs1_release.191016-1811)Uniscribe Unicode script processorMicrosoft® Windows® Operating SystemMicrosoft CorporationUSP10.DLLMD5=ACF31D492FD578C0374EB20CC393BE98,SHA256=D49ECA60A94B30DB87CDCEB36F284D273E080E8689E4B0F99D5BD44FFD117A92trueMicrosoft WindowsValid 734700x80000000000000006501552Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.499{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ieapfltr.dll11.00.14393.4169Microsoft SmartScreen FilterInternet ExplorerMicrosoft CorporationIEAPFLTR.DLLMD5=6BB1BAB2380B2AA74FE2EEE4241C0ED8,SHA256=D58B40BC9BD10E07CBDD63FCD0037FF6EAEC2A86F189FFFAC54B4C9094FB5DA0trueMicrosoft WindowsValid 734700x80000000000000006501551Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.499{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wldp.dll10.0.14393.3143 (rs1_release.190725-1725)Windows Lockdown PolicyMicrosoft® Windows® Operating SystemMicrosoft Corporationwldp.dllMD5=51A0208B106B4392AC4B3174B27A39EF,SHA256=EA9955976994C44DC091A07C69E9C863A4D5A960900019D3C4136BDFD1F885D4trueMicrosoft WindowsValid 734700x80000000000000006501550Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.483{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\srpapi.dll10.0.14393.4583 (rs1_release.210730-1850)SRP APIs DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsrpapi.dllMD5=403A93D86E54B82D119D7FC1B7B16D34,SHA256=50F21E2A1EA9CCDCB634F66C1A23CBA591B96649A0C8AF217A13ED79729E73D0trueMicrosoft WindowsValid 734700x80000000000000006501549Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.483{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\mshtml.dll11.00.14393.4583 (rs1_release.210730-1850)Microsoft (R) HTML ViewerInternet ExplorerMicrosoft CorporationMSHTML.DLLMD5=9FE307A03D416BAD04E4900A7204D6F6,SHA256=50E9F9F9BA859E2F8F3DB5452134B0D26444AC5EB3FD03F4A00FB303C58431BEtrueMicrosoft WindowsValid 734700x80000000000000006501545Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.437{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006501543Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.437{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006501542Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.437{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006501541Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.421{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msvcp110_win.dll10.0.14393.2007 (rs1_release.171231-1800)Microsoft® STL110 C++ Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp110_win.dllMD5=BFB390484F611C21582AD11E4C6ADEF2,SHA256=30B5AD268C022FCA2AACAE2CB6E4DC36F6A01C16A006046BB4417CEA96DA4F5AtrueMicrosoft WindowsValid 734700x80000000000000006501539Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.421{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dsreg.dll10.0.14393.4467 (rs1_release.210604-1844)AD/AAD User Device RegistrationMicrosoft® Windows® Operating SystemMicrosoft Corporationdsreg.dllMD5=79A9D7EA2FEAEF86876FFD1B6D1CB6C1,SHA256=A1BA47F25235AA03E37B420DA61B68E1F3165A590B15AAC43894613A88250018trueMicrosoft WindowsValid 734700x80000000000000006501509Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.421{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ADAL.DLL3.4.1.35249ADAL.NativeMicrosoft© ADALMicrosoftadal.dllMD5=83940B529D140372B1FF153CF83E478D,SHA256=1D246C806D9F170AAC09E8AA3507553B7833BA2067B81150588444B3C93BAADBtrueMicrosoft CorporationValid 734700x80000000000000006501508Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.421{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\webservices.dll10.0.14393.2312 (rs1_release.180607-1919)Windows Web Services RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationWebServices.dllMD5=3EE43755685D59060FAC0E2F09D67686,SHA256=BF80D9B840C28BC4E8FE9A4E6DBCCCAEE37A108F83428ABA1DD780D5312369D8trueMicrosoft WindowsValid 734700x80000000000000006501496Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.368{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176trueMicrosoft WindowsValid 734700x80000000000000006501493Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.319{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\hlink.dll10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Microsoft Office 2000 componentMicrosoft® Windows® Operating SystemMicrosoft Corporationhlink.dllMD5=FD7A5F4DF14E2D70CE268E22C5A56650,SHA256=E159200E7E4F627FDCF37230F12412B45C18FB1D3EFB1D3F06B4FE1BAA205351trueMicrosoft WindowsValid 734700x80000000000000006501486Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.299{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ncryptsslp.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft SChannel ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationncryptsslp.dllMD5=80D0046E61E3DBD708B53657DA4C5821,SHA256=7457E1BB911D132A8BEDEB6D7DEDB82365A6D681FBEF2331D4FB545AC1DA5A56trueMicrosoft WindowsValid 734700x80000000000000006501485Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.299{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\mskeyprotect.dll10.0.14393.4046 (rs1_release.201028-1803)Microsoft Key Protection ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationmskeyprotect.dllMD5=87A5C9919D4A67629718959772E120DD,SHA256=707BD6ECE458848F7343C2CF3184A74D99C40E7F5E58E5DA608E4C88D03609E4trueMicrosoft WindowsValid 734700x80000000000000006501484Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.284{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\davhlpr.dll10.0.14393.0 (rs1_release.160715-1616)DAV Helper DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdavhlpr.DLLMD5=D7A5CB6257EA5F99F80A1075BBFEEB41,SHA256=4720811BED40F9998038BCEC6F941E418AB6D0305AB15AFB248F49CC02C64D74trueMicrosoft WindowsValid 734700x80000000000000006501483Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.284{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006501479Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.252{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\EXPSRV.DLL7.1.1108Visual Basic for Applications Runtime - Expression ServiceMicrosoft Visual Basic for ApplicationsMicrosoft CorporationEXPSRV.DLLMD5=3FF977F13147CF29DDB70AA247BD3690,SHA256=3FE5A0245668D229732B49763CB17E3BD466204440DBBC4D27F5E3095CED6C45trueMicrosoft CorporationValid 734700x80000000000000006501478Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.252{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\System\msvcr100.dll10.00.40219.1Microsoft® C Runtime LibraryMicrosoft® Visual Studio® 2010Microsoft Corporationmsvcr100_clr0400.dllMD5=DF3CA8D16BDED6A54977B30E66864D33,SHA256=1D1A1AE540BA132F998D60D3622F0297B6E86AE399332C3B47462D7C0F560A36trueMicrosoft CorporationValid 734700x80000000000000006501477Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.252{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\VBAJET32.DLL7.1.1104Visual Basic for Applications Development Environment - Expression Service LoaderMicrosoft Visual Basic for ApplicationsMicrosoft CorporationVBAJET32.DLLMD5=A302D22CC544B6BFB4E1BB522B036CB1,SHA256=76823CF79F5C76C96E2FCA31D06796D62727ABE559FFBA78E5F21DC324E55188trueMicrosoft CorporationValid 734700x80000000000000006501476Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.252{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEES.DLL16.0.13801.20688Microsoft Access database engine Expression ServiceMicrosoft OfficeMicrosoft Corporationacees.dllMD5=01B32DC29CEB905A6D0FC5C1C703B0CA,SHA256=70106489670931C7491BA1F8AF1DE0503E53844B2AA52F82C3143A8B6E83151DtrueMicrosoft CorporationValid 734700x80000000000000006501474Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.252{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ACEWSTR.DLL16.0.13801.20008Microsoft Access database engine Sort DLLMicrosoft OfficeMicrosoft Corporationacewstr.dllMD5=D26F3BC200CD057CB9939073143F652E,SHA256=F2985BACE4D0E5A2E82A9FE8CA935BCD19D184BA72F81F4CDC5D3627ECC0B937trueMicrosoft CorporationValid 734700x80000000000000006501472Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.252{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACECORE.DLL16.0.13801.20634Microsoft Access database engine DLLMicrosoft OfficeMicrosoft Corporationacecore.dllMD5=052CFD327BA966E1D3EA5FAFB290672B,SHA256=8DD3054536AD700CD3C7BD59E95456B83E7D177AE1A7C6AAB21C97C49027E655trueMicrosoft CorporationValid 734700x80000000000000006501471Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.237{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msdart.dll10.0.14393.0 (rs1_release.160715-1616)OLE DB Runtime RoutinesMicrosoft® Windows® Operating SystemMicrosoft Corporationmsdart.dllMD5=2D8AE33BC433EFE81FB9F5B126B4A0A9,SHA256=5BC4D64A18925CFB39C898E954BC24473BCCFDA11E31A8FD7E01F8F888BD6B76trueMicrosoft WindowsValid 734700x80000000000000006501470Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.237{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Common Files\System\Ole DB\oledb32.dll10.0.14393.4169 (rs1_release.210107-1130)OLE DB Core ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationoledb32.dllMD5=1C9084B11668B0E8E83D7887BC2BDA33,SHA256=A2FF5347549ECCC9804F180C34D465AFA55027B3B0F614A2666934FA2963F436trueMicrosoft WindowsValid 734700x80000000000000006501469Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.237{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEOLEDB.DLL16.0.13801.20490Microsoft Access database engine OLE DB ProviderMicrosoft OfficeMicrosoft Corporationaceoledb.dllMD5=E8DCF5077604E501B55ABD40BFB32ACB,SHA256=CFA364D0ACFC660080B2F3C6D06E89B6CBBA031F3673E7C56843825991D9EA6AtrueMicrosoft CorporationValid 734700x80000000000000006501468Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.237{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\RICHED20.DLL16.0.13801.20442RichEdit Version 8.0Microsoft OfficeMicrosoft Corporationriched20.dllMD5=4AADCAFE0937BFDD2C0E089B37549CD7,SHA256=8D12811470721C2A4775AE2CF2B236C5E16FD4215D70E63C768BD9F4ADBC364AtrueMicrosoft CorporationValid 734700x80000000000000006501467Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.237{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wintrust.dll10.0.14393.4530 (rs1_release.210705-0736)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=992BCD32EF7680C574A426FAA4933ACA,SHA256=5755AC46B4220784A6E6AC12A755CC10892A5AE59B67924576075A1A29D68B3DtrueMicrosoft WindowsValid 734700x80000000000000006501466Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.237{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Csi.dll16.0.13801.20842Microsoft Office Document CacheMicrosoft OfficeMicrosoft CorporationCsi.dllMD5=79BAD2A42BC1DDCF7747154DB5CDA177,SHA256=B943A38387BD920D64860A27F667FF8C23529614A5812412A672E18052A2CFA5trueMicrosoft CorporationValid 734700x80000000000000006501465Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.237{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\sxs.dll10.0.14393.4169 (rs1_release.210107-1130)Fusion 2.5Microsoft® Windows® Operating SystemMicrosoft CorporationSXS.DLLMD5=54FB18CA661D074CBB60D5A58D40C8D3,SHA256=A2BD6160222A216F8A6830C1273662F8AE88F53D2CE6DA5893FF70D146A0A2B0trueMicrosoft WindowsValid 734700x80000000000000006501464Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.221{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\UIAutomationCore.dll7.2.14393.4169 (rs1_release.210107-1130)Microsoft UI Automation CoreMicrosoft® Windows® Operating SystemMicrosoft CorporationUIAutomationCore.dllMD5=9B2DCFE11EEBDDC18A8F5964E04E64A0,SHA256=5CBC5B45B9EB5B4EF1360005CD675D20D7EE9FE588DA24543FF7C9ACB88317FFtrueMicrosoft WindowsValid 734700x80000000000000006501461Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.217{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msimg32.dll10.0.14393.0 (rs1_release.160715-1616)GDIEXT Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationgdiextMD5=78DA58DF85F86CA61E5EAFB9EF0A83BE,SHA256=3216205F5C355D582EC4B902651B62E1FF3EFFDCA40BC849D474F13F1325E962trueMicrosoft WindowsValid 734700x80000000000000006501460Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.216{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\GFX.DLL16.0.13801.20442Microsoft Office GraphicsMicrosoft OfficeMicrosoft CorporationGFX.DLLMD5=67A8185AAF7674010FB3D3F4BF71B3A7,SHA256=3017C9E5F1B0107444C560FF931BEB019E96AFC49D33F131B1BD0D3AF5B53614trueMicrosoft CorporationValid 734700x80000000000000006501449Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.184{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\schannel.dll10.0.14393.4225 (rs1_release.210127-1811)TLS / SSL Security ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationschannel.dllMD5=2562B81E255EB6DF8497402ABC6C59BB,SHA256=340532C238CA5B84BA9D7A2DB4D1CCD58D869FECC44A463A93F54C974E1B41F4trueMicrosoft WindowsValid 734700x80000000000000006501448Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.184{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cabinet.dll5.00 (rs1_release.160715-1616)Microsoft® Cabinet File APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcabinet.dllMD5=08A4A2712DB2AE10E483FB74E46B0E73,SHA256=EEB32E3E4256CC9935227ACD5BA576B75F1F6FE3C818D2127513CB22F823FECBtrueMicrosoft WindowsValid 734700x80000000000000006501442Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.153{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\twinapi.dll10.0.14393.4169 (rs1_release.210107-1130)twinapiMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.dllMD5=40E4471EAFBC1AB4D40288BF005AB895,SHA256=E93454095918346B3426D55704F02DF6FBB1B840BF969CE619E3F10BA0AC9A44trueMicrosoft WindowsValid 734700x80000000000000006501414Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.137{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msxml6.dll6.30.14393.4530MSXML 6.0Microsoft XML Core ServicesMicrosoft CorporationMSXML6.dllMD5=10A0259030F41545ECAFB6A595F7C457,SHA256=CF160C3ADCE5AA2357697A02C6FC38071CBE1818B036F1C67F746868EB7F814DtrueMicrosoft WindowsValid 734700x80000000000000006501377Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.137{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11trueMicrosoft WindowsValid 734700x80000000000000006501353Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.137{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704trueMicrosoft WindowsValid 734700x80000000000000006501349Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.137{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wmiclnt.dll10.0.14393.0 (rs1_release.160715-1616)WMI Client APIMicrosoft® Windows® Operating SystemMicrosoft Corporationwmiclnt.dllMD5=6B61852EDC8F0EB9E555CF5308A1CA67,SHA256=73CBABE06D58CF771AC647C0DE916BD668FEC96A40EDF7283D50C1C7DE07FE08trueMicrosoft WindowsValid 734700x80000000000000006501348Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.137{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wmi.dll10.0.14393.0 (rs1_release.160715-1616)WMI DC and DP functionalityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmi.DLLMD5=BECC01CF48016043B5DC3D5477CC08CF,SHA256=449E882DBCD4DD25B8F10CD62623DCB15E5B6375B0699463506EA55886B7B9DAtrueMicrosoft WindowsValid 734700x80000000000000006501341Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.137{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006501340Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.121{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\framedynos.dll10.0.14393.4169 (rs1_release.210107-1130)WMI SDK Provider FrameworkMicrosoft® Windows® Operating SystemMicrosoft Corporationframedyn.dllMD5=F5BCBB0713FF862975B07056D25E166E,SHA256=DBB3B6E35E0FEF5B878DE8C85AF578B51C1C2DB025865354E27394AEA87824B2trueMicrosoft WindowsValid 734700x80000000000000006501339Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.121{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575trueMicrosoft WindowsValid 734700x80000000000000006501338Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.121{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\mlang.dll10.0.14393.4169 (rs1_release.210107-1130)Multi Language Support DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMLANG.DLLMD5=1DB944C25F1B1D7105543E61F1CC5E2F,SHA256=EBA81052B0330151F8FE0FC95AFD2203D3869D67A05AD4E5D3FA8A69B48B4046trueMicrosoft WindowsValid 734700x80000000000000006501337Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.121{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\cimwin32.dll10.0.14393.3297 (rs1_release_1.191001-1045)WMI Win32 ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationcimwin32.dllMD5=35C291C2351E11C928195BFD018A972C,SHA256=CC1655A2CD71118C0197A1A96D47E86C74F58AA6D589B55F77D8C1C12C542BA7trueMicrosoft WindowsValid 734700x80000000000000006501336Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.121{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\FWPUCLNT.DLL10.0.14393.0 (rs1_release.160715-1616)FWP/IPsec User-Mode APIMicrosoft® Windows® Operating SystemMicrosoft Corporationfwpuclnt.dllMD5=A65FA613342B08E0F760D8B13B9C135A,SHA256=C64A1EC862188D2EE1202DB02BFBF4E2DD56780905E509012799EB57FC9A88EDtrueMicrosoft WindowsValid 734700x80000000000000006501332Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.121{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\wmiutils.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwmiutils.dllMD5=5179B0DEF3AB5CAC3BA02316AF1B6B40,SHA256=FA4112CB0D1A133C41FD001F958F0BE930BB49072BF97A3D765AEA8DB841ABC4trueMicrosoft WindowsValid 734700x80000000000000006501327Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.121{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\coml2.dll10.0.14393.2608 (rs1_release.181024-1742)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOML2.DLLMD5=F51CCB7A95B83C1327390BF672AFD328,SHA256=850E50B525EF51374B880146E26464D10A8B1DAE1E0307F7B27DC7322824F2BFtrueMicrosoft WindowsValid 734700x80000000000000006501324Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.121{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\wbemsvc.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemsvc.dllMD5=2BE97028B7B85762561F475E31989C2A,SHA256=75C9D8C6D41B4B7D70666A8107A08A748CEF6CB9E60AD0288B10CDE12E274AFFtrueMicrosoft WindowsValid 734700x80000000000000006501323Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=1D608361848C3A3AC56488995E8D0BB1,SHA256=D95DE5DBAD08E22CB0CFB9322220E752F16124C15867F7748E4D64795E400EBFtrueMicrosoft WindowsValid 734700x80000000000000006501299Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.121{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006501298Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.121{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006501294Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.121{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\wbemprox.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemprox.dllMD5=B7B56FAC395BEEDC20120FD0170A23A3,SHA256=7BDF579D7348D84F251A8411E40E14ADF9406F954914C1C4DE30E880DCF6CEB3trueMicrosoft WindowsValid 734700x80000000000000006501292Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.120{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006501287Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006501286Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006501285Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006501284Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006501283Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006501282Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006501273Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006501272Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006501271Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006501270Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006501269Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006501268Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006501267Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006501266Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\ncobjapi.dll10.0.14393.0 (rs1_release.160715-1616)-Microsoft® Windows® Operating SystemMicrosoft CorporationNCObjAPI.DLLMD5=EA51AB4DE69030FC62B5014175D27A88,SHA256=774A8136F6FC789952548DA2A72F2E53E32A33E91C48EA707C1D823058515DABtrueMicrosoft WindowsValid 734700x80000000000000006501265Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbemcomn.dll10.0.14393.4530 (rs1_release.210705-0736)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemcomn.dllMD5=91E2160941219FFEBE4093E6681BE4CF,SHA256=3B8AA86EAF2200F53A6EB57B08A34F1BA5E467B72E5002C3BCBF20AF40D98CD1trueMicrosoft WindowsValid 734700x80000000000000006501264Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\fastprox.dll10.0.14393.0 (rs1_release.160715-1616)WMI Custom MarshallerMicrosoft® Windows® Operating SystemMicrosoft Corporationfastprox.dllMD5=C2F7834269D565263C65757EDE37A66C,SHA256=17651A35255229CE95F065CA1BCCC4867B43DA879D72AFCC91FBA4768225C7D3trueMicrosoft WindowsValid 734700x80000000000000006501263Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006501262Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006501261Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006501258Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006501257Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\WmiPrvSE.exe10.0.14393.2155 (rs1_release_1.180305-1842)WMI Provider HostMicrosoft® Windows® Operating SystemMicrosoft CorporationWmiprvse.exeMD5=E1BCE838CD2695999AB34215BF94B501,SHA256=1D7B11C9DEDDAD4F77E5B7F01DDDDA04F3747E512E0AA23D39E4226854D26CA2trueMicrosoft WindowsValid 734700x80000000000000006501249Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\urlmon.dll11.00.14393.4530 (rs1_release.210705-0736)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=B63DBDFEC215CF37259DC4A88ADBD0E7,SHA256=67B02F3DE0AF36E76C2D259CE7833EDA4FE33D935538E8A4C1E7E82130870FC1trueMicrosoft WindowsValid 734700x80000000000000006501206Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006501187Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.068{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\rasadhlp.dll10.0.14393.0 (rs1_release.160715-1616)Remote Access AutoDial HelperMicrosoft® Windows® Operating SystemMicrosoft Corporationrasadhlp.dllMD5=FAE8D0480BDD905EEA453D3A57C8D5C6,SHA256=C1531223B8201B344A6A6474CB2D9B8A8C632250A3A6F472EC5E2D7D28ADD94CtrueMicrosoft WindowsValid 734700x80000000000000006501177Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\npmproxy.dll10.0.14393.4169 (rs1_release.210107-1130)Network List Manager ProxyMicrosoft® Windows® Operating SystemMicrosoft Corporationnpfproxy.dllMD5=4D76C6FAF3D01B31A68C9ABF95F4B7D4,SHA256=9B771613C067880E99ED3D68E6C2A43C6B252E899D44682ADEB5A7F02E925920trueMicrosoft WindowsValid 734700x80000000000000006501173Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.053{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\webio.dll10.0.14393.3866 (rs1_release.200805-1327)Web Transfer Protocols APIMicrosoft® Windows® Operating SystemMicrosoft Corporationwebio.dllMD5=0CE65DF03820B5523EFE7D20258E6F0A,SHA256=9224732E1A7761866BB479C91A02C561F77B203EB20914F4ED0AF8FE320E8FF6trueMicrosoft WindowsValid 734700x80000000000000006501156Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.053{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006501138Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.020{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\netprofm.dll10.0.14393.4169 (rs1_release.210107-1130)Network List ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationnetprofm.dllMD5=02AD37C3C2D54BCD9E7BD2AFF3D6E7A6,SHA256=D71D631EC1790A9BD9451EFAEFC7EBADE6353A17CDBB4D8AAACD3102430A686EtrueMicrosoft WindowsValid 734700x80000000000000006501130Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.053{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSPTLS.DLL16.0.13801.20178Microsoft Office componentMicrosoft OfficeMicrosoft Corporationmsptls.dllMD5=53C631125C4AB3BFA9F7DB70B4B02EFA,SHA256=4F0593A374FE614EBBFAB37A9C39515D695ABA2EF3ADDD72BD912A83426789FEtrueMicrosoft CorporationValid 734700x80000000000000006501124Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.053{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wininet.dll11.00.14393.4583 (rs1_release.210730-1850)Internet Extensions for Win32Internet ExplorerMicrosoft Corporationwininet.dllMD5=524876363DA8F469C13E0818256B6131,SHA256=DAA85FEAB4553D9A203A85A58C8CB26A2784E0D33226B41AAE98471DAE75C035trueMicrosoft WindowsValid 734700x80000000000000006501120Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.053{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\sppc.dll10.0.14393.67 (rs1_release.160804-2231)Software Licensing Client DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsppc.dllMD5=7CF84329545035CC0833119C7268A620,SHA256=49E3FA8B9F9ACB1A2CEDE37970361316C93286CEE7F70DE5985E7135498A4210trueMicrosoft WindowsValid 734700x80000000000000006501106Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\xmllite.dll10.0.14393.3143 (rs1_release.190725-1725)Microsoft XmlLite LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationXmlLite.dllMD5=64E301CCFADF34810ADA8DE9DBC7720F,SHA256=6EAE1E0E610793C7DF2B27795553F377D2C4126CF74D8EE4A84DE3C3150871F8trueMicrosoft WindowsValid 734700x80000000000000006501094Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.000{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\DWrite.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=1875083243EE498D0B2BB6B025AD7520,SHA256=A3FA592126642537BF6F0E4E9750A43A899525FE616DE899ABD7F26A9E7620C4trueMicrosoft WindowsValid 734700x80000000000000006501085Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wbem\fastprox.dll10.0.14393.0 (rs1_release.160715-1616)WMI Custom MarshallerMicrosoft® Windows® Operating SystemMicrosoft Corporationfastprox.dllMD5=C2F7834269D565263C65757EDE37A66C,SHA256=17651A35255229CE95F065CA1BCCC4867B43DA879D72AFCC91FBA4768225C7D3trueMicrosoft WindowsValid 734700x80000000000000006501069Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006501068Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006501062Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dhcpcsvc.dll10.0.14393.3930 (rs1_release.200901-1914)DHCP Client ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationdhcpcsvc.dllMD5=CD3B9633BBEF2102C4665A2C39EC0B1A,SHA256=341EFB4806BE39E09AA90CA3B069C39F2A9D61FA9B512350B2721D41875AFCAEtrueMicrosoft WindowsValid 734700x80000000000000006501061Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wbem\wbemsvc.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemsvc.dllMD5=2BE97028B7B85762561F475E31989C2A,SHA256=75C9D8C6D41B4B7D70666A8107A08A748CEF6CB9E60AD0288B10CDE12E274AFFtrueMicrosoft WindowsValid 734700x80000000000000006501060Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dhcpcsvc6.dll10.0.14393.3930 (rs1_release.200901-1914)DHCPv6 ClientMicrosoft® Windows® Operating SystemMicrosoft Corporationdhcpcsvc6.dllMD5=1721EAC44BCFC7177AA664ADCA514F23,SHA256=C099BCCE44A04A48147DE8CF093EBF997510154113789BF31394B5148F60B375trueMicrosoft WindowsValid 734700x80000000000000006501059Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006501058Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\winnsi.dll10.0.14393.2339 (rs1_release_inmarket.180611-1502)Network Store Information RPC interfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationwinnsi.dllMD5=25B3BD4D63460EE4599F5631C1B83D21,SHA256=07E055D47940F09CB7EB512D52672C944D7D2F035A2F45766319871C0862C5B1trueMicrosoft WindowsValid 734700x80000000000000006501039Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wbemcomn.dll10.0.14393.4530 (rs1_release.210705-0736)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemcomn.dllMD5=91E2160941219FFEBE4093E6681BE4CF,SHA256=3B8AA86EAF2200F53A6EB57B08A34F1BA5E467B72E5002C3BCBF20AF40D98CD1trueMicrosoft WindowsValid 734700x80000000000000006501038Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wbem\wbemprox.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemprox.dllMD5=B7B56FAC395BEEDC20120FD0170A23A3,SHA256=7BDF579D7348D84F251A8411E40E14ADF9406F954914C1C4DE30E880DCF6CEB3trueMicrosoft WindowsValid 734700x80000000000000006501037Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\RICHED20.DLL16.0.13801.20442RichEdit Version 8.0Microsoft OfficeMicrosoft Corporationriched20.dllMD5=4AADCAFE0937BFDD2C0E089B37549CD7,SHA256=8D12811470721C2A4775AE2CF2B236C5E16FD4215D70E63C768BD9F4ADBC364AtrueMicrosoft CorporationValid 734700x80000000000000006501036Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\mswsock.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft Windows Sockets 2.0 Service ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationmswsock.dllMD5=B52ACA309FD6F72105951FFBA022327B,SHA256=02AB6CCE4BF0D3F075D5E982F5A4CBDB514CE7C245EA474D7846A86CD3F13202trueMicrosoft WindowsValid 734700x80000000000000006501035Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\OnDemandConnRouteHelper.dll10.0.14393.4169 (rs1_release.210107-1130)On Demand Connctiond Route HelperMicrosoft® Windows® Operating SystemMicrosoft CorporationOnDemandConnRouteHelper.dllMD5=BAE78E97BEBB832376654560305922E3,SHA256=6A188DC4F1005E46CCA529E9C757D9B3B5F98E5587AFAA5E4200C7DD2AC73355trueMicrosoft WindowsValid 734700x80000000000000006501034Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\winhttp.dll10.0.14393.4467 (rs1_release.210604-1844)Windows HTTP ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationwinhttp.dllMD5=8893BE5829B2F909E7FC4AF4C43B54F9,SHA256=C1D791C72417FD001E2A5FE441717881D43428A931724E7FD2DCCE6C83699458trueMicrosoft WindowsValid 734700x80000000000000006501031Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\MSOARIA.DLL16.0.55555.10000Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMsoAria.dllMD5=2357126682CE4CAB2E5963883400D41D,SHA256=878BF317D30612C970E2EFDF93C3F22BF360D0304CFB54E96D638E8A5DE24E51trueMicrosoft CorporationValid 734700x80000000000000006501029Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dpapi.dll10.0.14393.0 (rs1_release.160715-1616)Data Protection APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdpapi.dllMD5=927EA28A3F416A5A5E9FC638CA245EF5,SHA256=D399633CC99D754DD999BB4FFADD768FEA82F57A0241809117AD786DC33DD30EtrueMicrosoft WindowsValid 734700x80000000000000006501028Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006501027Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll4.8.4180.0 built by: NET48REL1LAST_BMicrosoft .NET Runtime Execution EngineMicrosoft® .NET FrameworkMicrosoft Corporationmscoreei.dllMD5=899A8B655E52A061B33571D97C5C06ED,SHA256=DE05B03E37FB9BA5D74CF8FA36A6F0B15AB61705285B738BC90D14FDE580A45EtrueMicrosoft CorporationValid 734700x80000000000000006501026Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\mscoree.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft .NET Runtime Execution EngineMicrosoft® Windows® Operating SystemMicrosoft Corporationmscoree.dllMD5=5ECE402D7E12EC3750D044BF3D878DF6,SHA256=3F02B1AE7B61BC36B04EA2B82ED79F112219F4E9668518030FF14B005E2C9BBCtrueMicrosoft WindowsValid 734700x80000000000000006501024Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19trueMicrosoft WindowsValid 734700x80000000000000006501022Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\WinTypes.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Base Types DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWinTypes.dllMD5=9F209F29ABFF007F55328BCC36367005,SHA256=7F2CBE9B349062DFD782032D50C335E6C292EC5F509746941982A7161F24ED84trueMicrosoft WindowsValid 734700x80000000000000006501020Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\Windows.Security.Authentication.Web.Core.dll10.0.14393.4169 (rs1_release.210107-1130)Token Broker WinRT APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Security.Authentication.Web.Core.dllMD5=E3AB65431FF6EA142FECF301220904D0,SHA256=60F168A317109BA364699F1FA1A2DDD8E5B0008A16CD7F1DB80583848DFCA7CFtrueMicrosoft WindowsValid 734700x80000000000000006501019Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.020{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\normaliz.dll10.0.14393.0 (rs1_release.160715-1616)Unicode Normalization DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnormaliz.dllMD5=65930A2C537774A8CBB0A1BE20266D51,SHA256=2879DECC03521C385C5D29381B002E7B70BB448BC2787D9C08174592C7D80BC8trueMicrosoft WindowsValid 734700x80000000000000006501018Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.018{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006501015Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.000{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006501014Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.000{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006501011Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.000{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\WindowsCodecs.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Windows Codecs LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationWindowsCodecsMD5=B791899A46FD151559658F4F86C3C6F5,SHA256=E559B36A3CC2261C16916F2D49FA351DC4E21E5EC581AC43547ABA16F70CDA7EtrueMicrosoft WindowsValid 734700x80000000000000006501010Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.000{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\d3d10warp.dll10.0.14393.2608 (rs1_release.181024-1742)Direct3D 10 RasterizerMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10Warp.dllMD5=B69F0419A16A616FE2D779EC98CD7FB9,SHA256=2D10B43F2137433E48A009227487C691E312D186691485D33B4FDF90D8423C9DtrueMicrosoft WindowsValid 734700x80000000000000006501009Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.000{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=F940A91B13592184F228ECC14D8D9358,SHA256=2BC05A4D09CDBAB8DB5F767DC95F31B2CA324928A94F004C7C2968E3E9E635E2trueMicrosoft WindowsValid 734700x80000000000000006501008Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.000{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\d3d10_1core.dll10.0.14393.0 (rs1_release.160715-1616)Direct3D 10.1 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10_1Core.dllMD5=AD41EACFB2A670E17F2C09F8AB06F428,SHA256=208B4CF05936AC21EB0337FB17B1B8F12D778A6E880435C589202457EB0CF73EtrueMicrosoft WindowsValid 734700x80000000000000006501007Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.000{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\d3d10_1.dll10.0.14393.0 (rs1_release.160715-1616)Direct3D 10.1 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10_1.dllMD5=9945D52ACD8FED11F0A636F916C4FF16,SHA256=97C5A99ED38F8516133D6B95070C5998BAAE75EAEF730531D91B81FEE4B81D82trueMicrosoft WindowsValid 734700x80000000000000006501974Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006501973Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006501972Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36trueMicrosoft WindowsValid 734700x80000000000000006501971Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430DtrueMicrosoft WindowsValid 734700x80000000000000006501969Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\thumbcache.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Thumbnail CacheMicrosoft® Windows® Operating SystemMicrosoft Corporationthumbcache.dllMD5=C146766884A92B154F2EB38463F2263D,SHA256=48C5CC7760187EDB140A904D3AC5FD24F740973CDBA07962047859F84E7BEB9CtrueMicrosoft WindowsValid 734700x80000000000000006501967Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006501966Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValid 734700x80000000000000006501965Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006501964Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006501963Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006501962Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006501960Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006501958Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006501957Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006501956Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006501955Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.151{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006501954Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.151{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006501953Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.151{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006501952Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.151{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006501949Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.151{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006501948Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.151{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006501946Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.151{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006501945Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.151{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeMD5=DA63852A2B0340E94D74EAF0CD444979,SHA256=EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164EtrueMicrosoft WindowsValid 734700x80000000000000006501923Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.098{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dsparse.dll10.0.14393.0 (rs1_release.160715-1616)Active Directory Domain Services APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdsparse.dllMD5=E9B5EFC173FDD55C00B2F28B8BAC144B,SHA256=0CA602484CD0E2C67091FCD60091608BF746B1D05B353DB9805D1CAE0ED09D70trueMicrosoft WindowsValid 734700x80000000000000006501922Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.098{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006501920Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.098{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\certca.dll10.0.14393.3053 (rs1_release_inmarket.190612-1836)Microsoft® Active Directory Certificate Services CAMicrosoft® Windows® Operating SystemMicrosoft CorporationCertCaMD5=8F23364460E12C9A157F88B9B4A86F2E,SHA256=51B5550668D6420C5DA988FEF83564DD9B4E911866EF4FC80748C8B219789F23trueMicrosoft WindowsValid 734700x80000000000000006501919Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.098{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\CertEnroll.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft® Active Directory Certificate Services Enrollment ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationCertEnrollMD5=20ADB479CDAFBDFB60D8D6E0AD7D6588,SHA256=C1C86EE623A9BCA85CE4D6AD7DA9F75C18E62DA2341219FCF45A73FD0CF5123BtrueMicrosoft WindowsValid 734700x80000000000000006501884Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.036{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006501883Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.036{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\sppobjs.dll10.0.14393.4583 (rs1_release.210730-1850)Software Protection Platform PluginsMicrosoft® Windows® Operating SystemMicrosoft Corporationsppobjs.dllMD5=70045B78DCFD4DE800A61A51E60D83DC,SHA256=557A2F2C1F6E766E3CBE8A6E91F7614717848B754242097E820C32EED148A530trueMicrosoft WindowsValid 734700x80000000000000006501879Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.020{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\Clipc.dll10.0.14393.0 (rs1_release.160715-1616)Client Licensing Platform ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationClipC.dllMD5=C1ADE6C578AFD608EBC63BEB0F85ABD7,SHA256=7195914FD6FF035601607636E8EEFC58074852FD9983DB4A7E9DFEAEFA3D8382trueMicrosoft WindowsValid 734700x80000000000000006501878Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.020{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\dsrole.dll10.0.14393.0 (rs1_release.160715-1616)DS Setup Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationDSROLE.DLLMD5=2A319EC8DF0FB5C46CF311B9D2B65B1D,SHA256=62B8900EFDF4B30E54E11232A8DA95DBF066DAEFD364A66EB99ADC028A3798F7trueMicrosoft WindowsValid 734700x80000000000000006501877Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.020{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\sppwinob.dll10.0.14393.4530 (rs1_release.210705-0736)Software Protection Platform Windows PluginMicrosoft® Windows® Operating SystemMicrosoft Corporationsppwinob.dllMD5=131DCFFFD0F2560BCD89F6ECBCC8A2D1,SHA256=5FB678235EC5BB4417B9D69AD7095A6C13AC1C008FA2647BE09205434E57AA4AtrueMicrosoft WindowsValid 734700x80000000000000006502383Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:26.450{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\wbem\wbemprox.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemprox.dllMD5=B7B56FAC395BEEDC20120FD0170A23A3,SHA256=7BDF579D7348D84F251A8411E40E14ADF9406F954914C1C4DE30E880DCF6CEB3trueMicrosoft WindowsValid 734700x80000000000000006502563Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:29.514{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\CSS7DATA0009.DLL16.0.55555.10000Microsoft ENGLISH Natural Language Server Data and CodeNatural Language ComponentsMicrosoft Corporationcss7Data0009.dllMD5=7E61F72C2CC4AAC44084734CCD4B93CB,SHA256=2933C7FD5143F453C4C085BC7023CB5BC88DC73B5FDE60171930393C645215D8trueMicrosoft CorporationValid 734700x80000000000000006502562Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:29.514{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\mscss7en.dll16.0.55555.10000Natural Language Development Platform 7 - PRMNatural Language ComponentsMicrosoft Corporationmscss7en.dllMD5=9605B976D5B190DCA0A6A6F3D2ECAF2B,SHA256=AA7527AAAC1DAAE1D97EF0D1BE5CEA412C0653DD5AB0B9B631BD3F569EC7B56EtrueMicrosoft CorporationValid 734700x80000000000000006502560Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:29.514{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\PROOF\msgrammar8.dll16.0.55555.10000Grammar Proofing ServiceMicrosoft OfficeMicrosoft CorporationMSGrammar8.dllMD5=226E8BFDAE2E5157512CD97901C4B3A2,SHA256=D77B275C0502165DA334F8316B2406A2F0E8180CA1D62B774D53BBC6543EED4DtrueMicrosoft CorporationValid 734700x80000000000000006502558Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:29.492{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\PROOF\msspell7.dll16.0.55555.10000Natural Language Spelling ServiceNatural Language ComponentsMicrosoft Corporationmsspell7.dllMD5=7685BFAE020B898D319F2670D9E93CCB,SHA256=F4D8041B630477B282ECB822E5B7494DBBA67DCE1AC8F4CA293203E4410DD9DFtrueMicrosoft CorporationValid 734700x80000000000000006502554Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:29.492{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\OneCoreUAPCommonProxyStub.dll10.0.14393.3808 (rs1_release.200707-2105)OneCoreUAP Common Proxy StubMicrosoft® Windows® Operating SystemMicrosoft CorporationOneCoreUAPCommonProxyStub.dllMD5=9F8EF1431E82015CD1918582A770DB35,SHA256=FC2073DCE9AC41DBF338FAFE85F2429D6D3812573D2192C7A906C1D46E0AB4FAtrueMicrosoft WindowsValid 734700x80000000000000006502553Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:29.492{4DF467A6-4448-6132-F405-00000000F001}4352C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\OneCoreUAPCommonProxyStub.dll10.0.14393.3808 (rs1_release.200707-2105)OneCoreUAP Common Proxy StubMicrosoft® Windows® Operating SystemMicrosoft CorporationOneCoreUAPCommonProxyStub.dllMD5=9F8EF1431E82015CD1918582A770DB35,SHA256=FC2073DCE9AC41DBF338FAFE85F2429D6D3812573D2192C7A906C1D46E0AB4FAtrueMicrosoft WindowsValid 734700x80000000000000006502552Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:29.477{4DF467A6-4448-6132-F405-00000000F001}4352C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\MsSpellCheckingFacility.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Spell Checking FacilityMicrosoft® Windows® Operating SystemMicrosoft CorporationMsSpellCheckingFacility.dllMD5=C0079D2D05B1563423C2BF0AED09CE87,SHA256=B55921D0A70FC3F5097010F49C6342E47F30F6B6EB4475CC4F7683954A00836EtrueMicrosoft WindowsValid 734700x80000000000000006502551Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:29.477{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\MsSpellCheckingFacility.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Spell Checking FacilityMicrosoft® Windows® Operating SystemMicrosoft CorporationMsSpellCheckingFacility.dllMD5=C0079D2D05B1563423C2BF0AED09CE87,SHA256=B55921D0A70FC3F5097010F49C6342E47F30F6B6EB4475CC4F7683954A00836EtrueMicrosoft WindowsValid 734700x80000000000000006502544Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:29.477{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\msproof7.dll16.0.55555.10000Proofing ServicesNatural Language ComponentsMicrosoft CorporationMSProof7.dllMD5=0B5AE10DC8D082C28CD1F7C66DBF6063,SHA256=53075E69BF554B0560B3E0B5E726B4F34326DBD0967EE29DC84E1AF8778A51B8trueMicrosoft CorporationValid 734700x80000000000000006502604Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:33.970{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\actxprxy.dll10.0.14393.3808 (rs1_release.200707-2105)ActiveX Interface Marshaling LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationActXPrxy.dllMD5=087C47C19BBFCB9F4932C03C0189E86B,SHA256=9BEE35FBFA2E595372D82E8858BE46CE7717E0399996960398BC238F4D0E5207trueMicrosoft WindowsValid 734700x80000000000000006502789Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:58.908{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006502788Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:58.908{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\taskschd.dll10.0.14393.4402 (rs1_release.210426-1725)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=76BF5CA81C749140E05C7519B13B299E,SHA256=D5CBDB2EEE67E582198F9DB213EC95DF9107F08D646E67FFA723066CC434B515trueMicrosoft WindowsValid 734700x80000000000000006502787Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:58.908{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006502956Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006502955Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006502954Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006502952Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006502950Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006502949Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006502948Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006502947Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006502946Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006502945Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006502944Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006502943Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006502942Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006502941Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006502940Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006502939Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006502938Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006502937Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006502936Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006502935Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006502934Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006502933Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006502932Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006502931Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006502930Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006502929Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.887{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006502928Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.871{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006502927Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.871{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006502926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.871{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006502925Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.871{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006502924Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.871{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006502923Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.871{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006502922Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.871{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006502921Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.871{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006502920Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.871{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006502918Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.871{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006502917Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.871{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006502916Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.871{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006502915Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.871{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006502904Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.335{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006502902Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.319{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006502901Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.319{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006502900Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.204{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006502899Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.204{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006502898Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.204{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006502896Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.204{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006502894Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006502893Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006502892Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006502891Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006502890Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006502889Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006502888Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006502887Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006502886Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006502885Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006502884Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006502883Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006502882Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006502881Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006502880Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006502879Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006502878Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006502877Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006502876Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006502875Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006502874Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006502873Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006502872Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006502871Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006502870Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006502869Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006502868Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006502867Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006502866Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006502865Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006502864Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006502863Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006502861Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006502860Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006502859Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006502858Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006503023Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.701{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006503022Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.701{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006503021Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.701{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006503018Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.568{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006503017Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.567{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006503016Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.567{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006503014Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.566{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006503012Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.564{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006503011Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.564{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006503010Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006503009Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006503008Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006503007Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006503006Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006503005Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006503004Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006503003Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006503002Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006503001Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006503000Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006502999Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006502998Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006502997Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006502996Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006502995Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006502994Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006502993Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006502992Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006502991Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006502990Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006502989Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006502988Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006502987Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006502986Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006502985Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006502984Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006502983Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006502982Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006502981Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006502979Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006502978Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006502977Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006502976Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.548{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006502960Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.018{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006502958Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.018{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006502957Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.018{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006503156Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.931{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006503155Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.931{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006503154Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.931{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006503152Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.931{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006503150Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.931{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006503149Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.931{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006503148Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.931{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006503147Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.931{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006503146Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006503145Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006503144Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006503143Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006503142Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006503141Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006503140Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006503139Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006503138Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006503137Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006503136Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006503135Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006503134Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006503133Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006503132Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006503131Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006503130Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006503129Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006503128Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006503127Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006503126Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006503125Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006503124Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006503123Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006503122Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006503121Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006503120Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006503119Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006503117Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006503116Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006503115Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006503114Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006503099Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.369{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006503097Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.369{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006503096Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.369{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006503081Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.248{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006503080Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.248{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006503079Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.248{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006503077Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.248{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006503075Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.248{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006503074Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006503073Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006503072Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006503071Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006503070Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006503069Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006503068Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006503067Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006503066Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006503065Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006503064Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006503063Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006503062Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006503061Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006503060Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006503059Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006503058Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006503057Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006503056Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006503055Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006503054Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006503053Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006503052Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006503051Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006503050Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006503049Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006503048Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006503047Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006503046Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006503045Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006503043Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006503042Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006503041Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006503040Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006503273Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.764{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006503272Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.763{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006503271Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.762{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006503268Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.630{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006503267Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.630{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006503266Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.630{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006503264Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.630{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006503262Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.630{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006503253Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.630{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006503252Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006503238Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.630{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006503235Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.630{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006503230Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006503209Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006503208Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006503207Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006503206Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006503205Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006503204Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006503203Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006503202Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006503201Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006503200Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006503199Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006503198Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006503197Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006503196Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006503195Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006503194Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006503193Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006503192Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006503191Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006503190Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006503189Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006503188Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006503187Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006503185Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006503184Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006503183Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006503182Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006503181Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006503180Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006503179Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006503177Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006503176Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006503175Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006503174Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.615{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006503160Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.046{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006503159Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.046{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006503333Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.464{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006503332Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.463{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006503331Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.462{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006503330Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.329{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006503329Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.329{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006503328Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.329{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006503326Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.329{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006503324Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.329{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006503323Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006503322Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006503321Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006503320Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006503319Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006503318Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006503317Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006503316Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006503315Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006503314Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006503313Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006503312Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006503311Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006503310Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006503309Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006503308Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006503307Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006503306Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006503305Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006503304Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006503303Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006503302Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006503301Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006503300Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006503299Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006503298Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006503297Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006503296Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006503295Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006503294Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006503293Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006503291Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006503290Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006503289Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006503288Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006503404Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:15.536{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\wpdshext.dll10.0.14393.4169 (rs1_release.210107-1130)Portable Devices Shell ExtensionMicrosoft® Windows® Operating SystemMicrosoft CorporationWpdShExt.dllMD5=CEB555E9099888316A1E2ADE83BA82BF,SHA256=4110FFD5F08100D1F6E1005E2907460E40B3221A0833B821BE291657416E89F0trueMicrosoft WindowsValid 734700x80000000000000006503401Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:15.405{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\mydocs.dll10.0.14393.4169 (rs1_release.210107-1130)My Documents Folder UIMicrosoft® Windows® Operating SystemMicrosoft Corporationmydocs.dllMD5=999FD44CF5713852E6083A43A7917761,SHA256=D5C75951C29B7F0AAA4EC9E9AB3195933E650C1F171092F389FD4DB66CA1CA20trueMicrosoft WindowsValid 734700x80000000000000006503399Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:15.405{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\sendmail.dll10.0.14393.4169 (rs1_release.210107-1130)Send MailMicrosoft® Windows® Operating SystemMicrosoft CorporationSENDMAIL.DLLMD5=04626525E567811FC7ECB3E31D94F8B0,SHA256=678A3A9DD713DC61F72112BD3160B8753F1A50D1179FDFABD265C32103980A6AtrueMicrosoft WindowsValid 734700x80000000000000006503412Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Program Files\Notepad++\notepad++.exe8.14Notepad++ : a free (GPL) source code editorNotepad++Don HO don.h@free.frnotepad++.exeMD5=8D93FF22077355875C7BC59CEBE98B4F,SHA256=A345288CDF2B0A43B64E0C3264FC2839A76C98835CAC1A1920D68E21DD444EB3trueNotepad++Valid 734700x80000000000000006503475Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006503474Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006503473Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006503472Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006503471Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\comdlg32.dll10.0.14393.4283 (rs1_release.210303-1802)Common Dialogs DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcomdlg32.dllMD5=0DB1A588A248E852AD781AE14333A5C6,SHA256=6F9C36C2663B90439A1AEE74855C521FCBBDB8C7B88382C9464906F1691F65F6trueMicrosoft WindowsValid 734700x80000000000000006503468Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msimg32.dll10.0.14393.0 (rs1_release.160715-1616)GDIEXT Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationgdiextMD5=78DA58DF85F86CA61E5EAFB9EF0A83BE,SHA256=3216205F5C355D582EC4B902651B62E1FF3EFFDCA40BC849D474F13F1325E962trueMicrosoft WindowsValid 734700x80000000000000006503443Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\SensApi.dll10.0.14393.0 (rs1_release.160715-1616)SENS Connectivity API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSensApi.dllMD5=DF734E991C205DC633582B8B5AD0E030,SHA256=68282D0183F3E580EF854BA0EA43686B9CD2ABA8DE61CD867224AC29C237E364trueMicrosoft WindowsValid 734700x80000000000000006503442Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\wininet.dll11.00.14393.4583 (rs1_release.210730-1850)Internet Extensions for Win32Internet ExplorerMicrosoft Corporationwininet.dllMD5=524876363DA8F469C13E0818256B6131,SHA256=DAA85FEAB4553D9A203A85A58C8CB26A2784E0D33226B41AAE98471DAE75C035trueMicrosoft WindowsValid 734700x80000000000000006503441Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValid 734700x80000000000000006503440Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\wintrust.dll10.0.14393.4530 (rs1_release.210705-0736)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=992BCD32EF7680C574A426FAA4933ACA,SHA256=5755AC46B4220784A6E6AC12A755CC10892A5AE59B67924576075A1A29D68B3DtrueMicrosoft WindowsValid 734700x80000000000000006503439Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242trueMicrosoft WindowsValid 734700x80000000000000006503438Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5trueMicrosoft WindowsValid 734700x80000000000000006503437Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006503436Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FAtrueMicrosoft WindowsValid 734700x80000000000000006503435Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899trueMicrosoft WindowsValid 734700x80000000000000006503434Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430DtrueMicrosoft WindowsValid 734700x80000000000000006503433Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006503432Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006503431Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006503430Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575trueMicrosoft WindowsValid 734700x80000000000000006503429Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\windows.storage.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=1D7997E3AFC26B85024D33F835E18056,SHA256=B2376967E156D4971FB66059F6367030AF937943D2EBF80AF856E643B6E95BBFtrueMicrosoft WindowsValid 734700x80000000000000006503428Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704trueMicrosoft WindowsValid 734700x80000000000000006503427Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\shell32.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=837B8644B9CE47EC28152E7D764886E0,SHA256=C5BA64473FB38E6B4592EAFA642AF82715CBC676190985D8D8D4150CE840044FtrueMicrosoft WindowsValid 734700x80000000000000006503426Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006503425Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006503424Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006503423Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006503422Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006503421Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006503420Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006503419Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006503418Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006503417Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5trueMicrosoft WindowsValid 734700x80000000000000006503416Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CAtrueMicrosoft WindowsValid 734700x80000000000000006503415Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006503414Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006503413Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006503679Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:23.794{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\wpdshext.dll10.0.14393.4169 (rs1_release.210107-1130)Portable Devices Shell ExtensionMicrosoft® Windows® Operating SystemMicrosoft CorporationWpdShExt.dllMD5=CEB555E9099888316A1E2ADE83BA82BF,SHA256=4110FFD5F08100D1F6E1005E2907460E40B3221A0833B821BE291657416E89F0trueMicrosoft WindowsValid 734700x80000000000000006503676Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:23.663{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Program Files\Windows Photo Viewer\PhotoBase.dll10.0.14393.0 (rs1_release.160715-1616)Photo Base LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationPhotoBase.dllMD5=91C265D9C7BFF499B8745DC4B3F9CB67,SHA256=1E7686931403D2C31BD2102AF80F7E42583D4ECEE3A41D278026C8E9EFFF474EtrueMicrosoft WindowsValid 734700x80000000000000006503649Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:23.663{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\d3d9.dll10.0.14393.447 (rs1_release_inmarket.161102-0100)Direct3D 9 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D9.dllMD5=98326410B37312F3A57E8040250BDC32,SHA256=ADDEE549568ABA1E45C6868D76162F5DE6E58CBD83C43429EA0F9868ECA3DC42trueMicrosoft WindowsValid 734700x80000000000000006503624Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:23.647{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\efswrt.dll10.0.14393.4169 (rs1_release.210107-1130)Storage Protection Windows Runtime DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationefswrt.dllMD5=3B52E3346B479665AF22772F7A8A5DA5,SHA256=8844843BDEF197239497BDAEAAFE821B7C28D5B6E13DCF4F6F0B8B3A233EF813trueMicrosoft WindowsValid 734700x80000000000000006503599Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:23.678{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\mydocs.dll10.0.14393.4169 (rs1_release.210107-1130)My Documents Folder UIMicrosoft® Windows® Operating SystemMicrosoft Corporationmydocs.dllMD5=999FD44CF5713852E6083A43A7917761,SHA256=D5C75951C29B7F0AAA4EC9E9AB3195933E650C1F171092F389FD4DB66CA1CA20trueMicrosoft WindowsValid 734700x80000000000000006503597Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:23.678{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\sendmail.dll10.0.14393.4169 (rs1_release.210107-1130)Send MailMicrosoft® Windows® Operating SystemMicrosoft CorporationSENDMAIL.DLLMD5=04626525E567811FC7ECB3E31D94F8B0,SHA256=678A3A9DD713DC61F72112BD3160B8753F1A50D1179FDFABD265C32103980A6AtrueMicrosoft WindowsValid 734700x80000000000000006503590Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:23.647{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Program Files\Windows Photo Viewer\PhotoViewer.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Photo ViewerMicrosoft® Windows® Operating SystemMicrosoft CorporationPhotoViewer.dllMD5=E02E0B066DD26F75B9A4C74C5F35FEA8,SHA256=BA7B687ECFACCE65AF3B183535548027C7604A49F8810BC5711CB8B497C143B6trueMicrosoft WindowsValid 734700x80000000000000006503560Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:23.625{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\playtomenu.dll12.0.14393.4169 (rs1_release.210107-1130)Cast to Device Menu DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationplaytomenu.dllMD5=4082A7FE1EE0E1F6E9330091FDBC5016,SHA256=AB50444BE026A013BDCD8D2EDA98543EFBA1962703E936D365C2940E9C008065trueMicrosoft WindowsValid 734700x80000000000000006503860Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.961{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\odbc32.dll10.0.14393.3471 (rs1_release_1.191218-1729)ODBC Driver ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationodbc32.dllMD5=7BE20E672645485F6A3B2E34389344BA,SHA256=B6F6E06CACEE09FB6CC0ACF874477FC9094EA4C14A07FF59B228BDD23C7BF02AtrueMicrosoft WindowsValid 734700x80000000000000006503831Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.946{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\mfc42u.dll6.06.8063.0MFCDLL Shared Library - Retail VersionMicrosoft (R) Visual C++Microsoft CorporationMFC42.DLLMD5=DD361EE0A665F41783E02CEA20285E61,SHA256=457BF44CC1BE99FD74983178AC34E83AEC2ED73DFEE9F9FC7F5F501AD8A6D03BtrueMicrosoft WindowsValid 734700x80000000000000006503809Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.961{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\dpapi.dll10.0.14393.0 (rs1_release.160715-1616)Data Protection APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdpapi.dllMD5=927EA28A3F416A5A5E9FC638CA245EF5,SHA256=D399633CC99D754DD999BB4FFADD768FEA82F57A0241809117AD786DC33DD30EtrueMicrosoft WindowsValid 734700x80000000000000006503808Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.961{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006503805Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.946{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430DtrueMicrosoft WindowsValid 734700x80000000000000006503803Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.861{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\mspaint.exe10.0.14393.4169 (rs1_release.210107-1130)PaintMicrosoft® Windows® Operating SystemMicrosoft CorporationMSPAINT.EXEMD5=40B8190571F063DC4FE30FBCC5024D45,SHA256=2B8B741E318AC49A285943AC6133076958BCFA185D44A868CC3F51085F68EC37trueMicrosoft WindowsValid 734700x80000000000000006503780Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.946{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5trueMicrosoft WindowsValid 734700x80000000000000006503779Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.946{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\comdlg32.dll10.0.14393.4283 (rs1_release.210303-1802)Common Dialogs DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcomdlg32.dllMD5=0DB1A588A248E852AD781AE14333A5C6,SHA256=6F9C36C2663B90439A1AEE74855C521FCBBDB8C7B88382C9464906F1691F65F6trueMicrosoft WindowsValid 734700x80000000000000006503778Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.946{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006503777Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.946{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006503776Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.946{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006503775Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.945{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006503774Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.945{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006503773Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.945{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CAtrueMicrosoft WindowsValid 734700x80000000000000006503771Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.944{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006503770Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.944{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006503769Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.944{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006503768Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.944{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006503767Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.943{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006503766Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.924{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006503765Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.924{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006503764Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.924{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006503761Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.908{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006503737Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.893{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006503723Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:24.893{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006505448Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.876{4DF467A6-3F48-6132-1500-00000000F001}1216C:\Windows\System32\svchost.exeC:\Windows\System32\pnpts.dll10.0.14393.0 (rs1_release.160715-1616)PlugPlay TroubleshooterMicrosoft® Windows® Operating SystemMicrosoft Corporationpnpts.dllMD5=FFA44FD7FEDA32632E8CE84AD0F9101B,SHA256=2A0746A7876C1A430F9C9A5BE4BE28CAA2FF4F73477651AE5CC74462278F333BtrueMicrosoft WindowsValid 734700x80000000000000006505414Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.807{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\DmApiSetExtImplDesktop.dll10.0.14393.0 (rs1_release.160715-1616)DmApiSetExtImplDesktopMicrosoft® Windows® Operating SystemMicrosoft CorporationDmApiSetExtImplDesktop.dllMD5=89A2945D9F03BD5CE4FE786FC3FA01AC,SHA256=ECBF426E75A3C954374FA4FD3F815FCD24D30FE2550013FCBA03C57CCB7EEB7BtrueMicrosoft WindowsValid 734700x80000000000000006505382Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.807{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\iri.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)iriMicrosoft® Windows® Operating SystemMicrosoft Corporationiri.dllMD5=AF8D35DD59781A0C1A1CE0D8792E330C,SHA256=CC67A743C34143F13B9D7265A0FDD4BC23505E9DA8B9F25D7D2CFB25FD67CDC1trueMicrosoft WindowsValid 734700x80000000000000006505362Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.807{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\omadmapi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)omadmapiMicrosoft® Windows® Operating SystemMicrosoft Corporationomadmapi.dllMD5=EF8BD33B59DC278706C5DDD4198865EA,SHA256=D333877C5C468AF921D3FE7E072A686020AE4140C0828C8C61D7786399D48C2CtrueMicrosoft WindowsValid 734700x80000000000000006505334Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.807{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\dmxmlhelputils.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)dmxmlhelputilsMicrosoft® Windows® Operating SystemMicrosoft Corporationdmxmlhelputils.dllMD5=D736BB34651B8B66B58135B00BC73A9E,SHA256=433472EB2A0F30B3B3DB906AA09DA241775747087329FBA4270F14C213D344F0trueMicrosoft WindowsValid 734700x80000000000000006505306Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.807{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\dmcfgutils.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)dmcfgutilsMicrosoft® Windows® Operating SystemMicrosoft Corporationdmcfgutils.dllMD5=5BB823D136C74E3AEB50A2F8FD1AB3D3,SHA256=22DDB2DB95C4BC76AEDD4527E4F1FD2E3DF6A617442977B05C2876A91F0DEE4DtrueMicrosoft WindowsValid 734700x80000000000000006505281Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.807{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\dmcsps.dll10.0.14393.2608 (rs1_release.181024-1742)dmcspsMicrosoft® Windows® Operating SystemMicrosoft Corporationdmcsps.dllMD5=3E2BE79AA01A983FE8E292BE943A145C,SHA256=CDFCC3B473CD671530926E08ECFE26C3BEB19AE995C63B5BDD7759BEB01EF74BtrueMicrosoft WindowsValid 734700x80000000000000006505256Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.807{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\dmenrollengine.dll10.0.14393.4169 (rs1_release.210107-1130)Enroll Engine DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdmEnrollEngine.dllMD5=586A17DA943C9E82C0FB872B4ED32D70,SHA256=04DCD2D48EDF52AA01611BE64FE3382CB847413F522AFD9B64A272FD7493CFF7trueMicrosoft WindowsValid 734700x80000000000000006505227Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.792{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\enterpriseresourcemanager.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)enterpriseresourcemanager DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationenterpriseresourcemanager.dllMD5=0302E3FE61103E007ACF38D3F07D55A0,SHA256=AC171FD434FB589664C3636D31E51AC96971A9E59CA251CA039A518D3E857C56trueMicrosoft WindowsValid 734700x80000000000000006505201Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.823{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\OnDemandConnRouteHelper.dll10.0.14393.4169 (rs1_release.210107-1130)On Demand Connctiond Route HelperMicrosoft® Windows® Operating SystemMicrosoft CorporationOnDemandConnRouteHelper.dllMD5=BAE78E97BEBB832376654560305922E3,SHA256=6A188DC4F1005E46CCA529E9C757D9B3B5F98E5587AFAA5E4200C7DD2AC73355trueMicrosoft WindowsValid 734700x80000000000000006505195Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.792{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\dmoleaututils.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)dmoleaututilsMicrosoft® Windows® Operating SystemMicrosoft Corporationdmoleaututils.dllMD5=58F5C38F979C23E9C3A8D6EFA7A01CE5,SHA256=C7A6A9B121CC95F906EDEDEFF1CD5C3E8D51295F149982DE66DA6AD73DB79C06trueMicrosoft WindowsValid 734700x80000000000000006505172Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.792{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\dmiso8601utils.dll10.0.14393.0 (rs1_release.160715-1616)dmiso8601utilsMicrosoft® Windows® Operating SystemMicrosoft Corporationdmiso8601utils.dllMD5=2F40C02593E583ADB3A6C6A6A25E0C49,SHA256=0C0A3221B34778274D7808379015DEEBB76B3B8524C01F75105B0C3D44750C2FtrueMicrosoft WindowsValid 734700x80000000000000006505141Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.792{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\configmanager2.dll10.0.14393.4169 (rs1_release.210107-1130)ConfigManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationconfigmanager2.dllMD5=C2DB188E223282022D7475373B4DA96F,SHA256=F19CDC4A555243E2492351EBF5CC0B30E53654DD7D80F7D0884AE3C9CBEAC5E3trueMicrosoft WindowsValid 734700x80000000000000006505109Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.776{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\winsta.dll10.0.14393.0 (rs1_release.160715-1616)Winstation LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationwinsta.dllMD5=12668CEFEE3754CFA61C5699821668B3,SHA256=D0C81619EDE8B846D98417989684EF16DF3A053CC049C7281E40F3359AD5B570trueMicrosoft WindowsValid 734700x80000000000000006505108Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.776{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wtsapi32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Remote Desktop Session Host Server SDK APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationwtsapi32.dllMD5=D0DB3DD09FB2B4ADABF4E719FAFC4EB9,SHA256=8B7C056B5F4AB604ED5077A39C63CE1B5A34929DE76DA4A3C54D6E648D123BABtrueMicrosoft WindowsValid 734700x80000000000000006505107Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.776{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\wmipcima.dll10.0.14393.0 (rs1_release.160715-1616)WMI Win32Ex ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationWMIPCIMA.dllMD5=BE602701F8F2E4CAFB7E68B1C15C9459,SHA256=8D6F52ACDC1FAB76654A09F47035B7810C874445D78DCF1BAD9A5AA70179A29CtrueMicrosoft WindowsValid 734700x80000000000000006505078Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.776{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006505070Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.760{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\schedcli.dll10.0.14393.0 (rs1_release.160715-1616)Scheduler Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSCHEDCLI.DLLMD5=9565E2180ACA12EC2DAAF237568BB7FF,SHA256=450DEFF97BA11F320372CADABDFEE221D4821652DB14CBE2B2AC22DE6F212C2DtrueMicrosoft WindowsValid 734700x80000000000000006505040Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.760{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\cscapi.dll10.0.14393.0 (rs1_release.160715-1616)Offline Files Win32 APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcscapi.dllMD5=6433F8201BFB449DC6B47F6999C2F164,SHA256=06729F1E0A0596620B48B6DC4A2CC9CC5FE55B17BD488C71F7F15AA4262C8C14trueMicrosoft WindowsValid 734700x80000000000000006505038Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.760{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\dsrole.dll10.0.14393.0 (rs1_release.160715-1616)DS Setup Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationDSROLE.DLLMD5=2A319EC8DF0FB5C46CF311B9D2B65B1D,SHA256=62B8900EFDF4B30E54E11232A8DA95DBF066DAEFD364A66EB99ADC028A3798F7trueMicrosoft WindowsValid 734700x80000000000000006505036Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.760{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006505034Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.760{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\logoncli.dll10.0.14393.3808 (rs1_release.200707-2105)Net Logon Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationLOGONCLI.DLLMD5=B5C16F0A457DB3C7695AAC9EE7E3EE1E,SHA256=88764349C57E619C6D1253BB2F4AFB27DBD141E9EB9C12D445C20F7384A4F437trueMicrosoft WindowsValid 734700x80000000000000006505033Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.760{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006505032Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.760{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006505031Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.760{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\samcli.dll10.0.14393.0 (rs1_release.160715-1616)Security Accounts Manager Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSAMCLI.DLLMD5=AEF1161232D111EEA93F64B203F131AE,SHA256=C1DA3DF389A414AAA26FEEEA28F35AAC202CE3A5CC3AF26B7C0C14EBBC2157F9trueMicrosoft WindowsValid 734700x80000000000000006505030Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.760{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006505026Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.745{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\security.dll10.0.14393.0 (rs1_release.160715-1616)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecurity.dllMD5=0C05DA5BB5C6841C6290F64CA34F1CBD,SHA256=9C48F8D23D42C3CAF06938C2B8AAFCB51E4BE879BA21578FDD9B9D6635F1C0D8trueMicrosoft WindowsValid 734700x80000000000000006505003Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.745{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242trueMicrosoft WindowsValid 734700x80000000000000006505002Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.745{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FAtrueMicrosoft WindowsValid 734700x80000000000000006505001Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.745{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\schannel.dll10.0.14393.4225 (rs1_release.210127-1811)TLS / SSL Security ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationschannel.dllMD5=2562B81E255EB6DF8497402ABC6C59BB,SHA256=340532C238CA5B84BA9D7A2DB4D1CCD58D869FECC44A463A93F54C974E1B41F4trueMicrosoft WindowsValid 734700x80000000000000006504999Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.745{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006504988Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.745{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\winbrand.dll10.0.14393.4530 (rs1_release.210705-0736)Windows Branding ResourcesMicrosoft® Windows® Operating SystemMicrosoft Corporationwinbrand.dllMD5=79E4DAD0DB8F0D1258F7092007354241,SHA256=DDFCF94DA71C8F49DC505F2FC94540037A0955BE831BF59C34BFBB62A998FB20trueMicrosoft WindowsValid 734700x80000000000000006504987Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.707{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\updatepolicy.dll10.0.14393.4169 (rs1_release.210107-1130)Update Policy ReaderMicrosoft® Windows® Operating SystemMicrosoft CorporationUpdatePolicy.dllMD5=09B15E89229BF856D0DF5A32967E334F,SHA256=A59504806F0C8C8DA001C74C7DE5014E5C00281919CE248BE6D8486209609C24trueMicrosoft WindowsValid 734700x80000000000000006504962Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.707{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\wuuhext.dll10.0.14393.4283 (rs1_release.210303-1802)Windows Update Agent plugin for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationWuUhExt.dllMD5=7D00FF754D47F46318931EB52272847E,SHA256=55B5CDDD7793350C2A3FC2E73D9A30705EF00B55ACF2153E44D71F21AB631366trueMicrosoft WindowsValid 734700x80000000000000006504923Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.692{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\esent.dll10.0.14393.3686 (rs1_release.200504-1524)Extensible Storage Engine for Microsoft(R) Windows(R)Microsoft® Windows® Operating SystemMicrosoft Corporationesent.dllMD5=372653326F31FCCA92A05331BCC8C95D,SHA256=B300AF0A4651A44C4D7D344033EB6317480CEF6F9E24BE1B34DA75A1B00C1807trueMicrosoft WindowsValid 734700x80000000000000006504897Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.707{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\msxml6.dll6.30.14393.4530MSXML 6.0Microsoft XML Core ServicesMicrosoft CorporationMSXML6.dllMD5=10A0259030F41545ECAFB6A595F7C457,SHA256=CF160C3ADCE5AA2357697A02C6FC38071CBE1818B036F1C67F746868EB7F814DtrueMicrosoft WindowsValid 734700x80000000000000006504891Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.707{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\wups.dll10.0.14393.4283 (rs1_release.210303-1802)Windows Update client proxy stubMicrosoft® Windows® Operating SystemMicrosoft Corporationwups.dllMD5=45D5EE4A9A44F78C17648C677BF5E316,SHA256=BD21DC9968FF1D392A8416BECDD7B365C9B0E9035512D0D91DD550A61C32E04CtrueMicrosoft WindowsValid 734700x80000000000000006504882Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.707{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\cabinet.dll5.00 (rs1_release.160715-1616)Microsoft® Cabinet File APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcabinet.dllMD5=08A4A2712DB2AE10E483FB74E46B0E73,SHA256=EEB32E3E4256CC9935227ACD5BA576B75F1F6FE3C818D2127513CB22F823FECBtrueMicrosoft WindowsValid 734700x80000000000000006504878Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.660{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\wups2.dll10.0.14393.4104 (rs1_release.201202-1742)Windows Update client proxy stub 2Microsoft® Windows® Operating SystemMicrosoft Corporationwups2.dllMD5=A58988DAC28CECA6A7A88876F2C9AA49,SHA256=55AA65930A8CD53BB8E78176D5FDEA784CDB8360129A2C84C1001DA980F81C90trueMicrosoft WindowsValid 734700x80000000000000006504850Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.660{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\wuaueng.dll10.0.14393.4283 (rs1_release.210303-1802)Windows Update AgentMicrosoft® Windows® Operating SystemMicrosoft Corporationwuaueng.dllMD5=62512DEC2075C86E746999FED5BE3EE7,SHA256=BCE4A05D601D358F06F4D8F996AAA1923A8EE9D37262CC9B20B143BE070C4641trueMicrosoft WindowsValid 734700x80000000000000006504824Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.660{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\wups.dll10.0.14393.4283 (rs1_release.210303-1802)Windows Update client proxy stubMicrosoft® Windows® Operating SystemMicrosoft Corporationwups.dllMD5=45D5EE4A9A44F78C17648C677BF5E316,SHA256=BD21DC9968FF1D392A8416BECDD7B365C9B0E9035512D0D91DD550A61C32E04CtrueMicrosoft WindowsValid 734700x80000000000000006504816Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.623{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\wups.dll10.0.14393.4283 (rs1_release.210303-1802)Windows Update client proxy stubMicrosoft® Windows® Operating SystemMicrosoft Corporationwups.dllMD5=45D5EE4A9A44F78C17648C677BF5E316,SHA256=BD21DC9968FF1D392A8416BECDD7B365C9B0E9035512D0D91DD550A61C32E04CtrueMicrosoft WindowsValid 734700x80000000000000006504784Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.623{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\wuapi.dll10.0.14393.4283 (rs1_release.210303-1802)Windows Update Client APIMicrosoft® Windows® Operating SystemMicrosoft Corporationwuapi.dllMD5=10022E8514165B69D355201C1C647BA4,SHA256=B3E95FEA9C0DC81D9FB14CEBFE2B96E013C9720ED3A4DC7528725791768AA125trueMicrosoft WindowsValid 734700x80000000000000006504763Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.623{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\coml2.dll10.0.14393.2608 (rs1_release.181024-1742)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOML2.DLLMD5=F51CCB7A95B83C1327390BF672AFD328,SHA256=850E50B525EF51374B880146E26464D10A8B1DAE1E0307F7B27DC7322824F2BFtrueMicrosoft WindowsValid 734700x80000000000000006504735Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.508{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\apphelp.dll10.0.14393.4350 (rs1_release.210407-2154)Application Compatibility Client LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationApphelpMD5=92330FA0551BFFBB8C1C97E86F9A0264,SHA256=0F341AF375236EBF7047F6AE50F2834566F0D859F0F02B8A5FFD7F29C31B0117trueMicrosoft WindowsValid 734700x80000000000000006504710Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.523{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\oleacc.dll7.2.14393.4169 (rs1_release.210107-1130)Active Accessibility Core ComponentMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEACC.DLLMD5=1B04659F0A22BFE9142B6AD36467ACEA,SHA256=67BC7C19D71FB98A7B5882B0F2BFC8F2E4491B4ACBE23EE545D54FFCAEC808E9trueMicrosoft WindowsValid 734700x80000000000000006504705Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.445{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\newdev.dll6.0.5054.0Add Hardware Device LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationnewdev.dllMD5=D30B8CDEF65A0A47C32B7BC4D5ADEFA4,SHA256=5B5E91A1147984A2B737DF4148855D331C125AC08AFD5B15848DF93097A935D8trueMicrosoft WindowsValid 734700x80000000000000006504682Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.508{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\PhotoMetadataHandler.dll10.0.14393.4169 (rs1_release.210107-1130)Photo Metadata HandlerMicrosoft® Windows® Operating SystemMicrosoft CorporationPhotoMetadataHandler.dllMD5=6FB0850ABAD1E8FDD1F662FCF819262C,SHA256=3EFCA956A159AE40CE292607EC59E4D258BDE13EAB51AFEF270FE55154CFA26EtrueMicrosoft WindowsValid 734700x80000000000000006504675Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.445{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\DeviceDriverRetrievalClient.dll10.0.14393.4169 (rs1_release.210107-1130)Device Driver Retrieval ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationDeviceDriverRetrievalClient.dllMD5=7C461ED06FD994B8A3E57404D5B8FCBA,SHA256=6F6AB2AB4EC262F4C904B4BCDCC7891B45FDFBEF8AFC79C95503631BB269C2A8trueMicrosoft WindowsValid 734700x80000000000000006504650Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.445{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\DevPropMgr.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Windows Device Property ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationDevPropMgr.DLLMD5=DA1E3744D62D328893EA0A0C173DA6D8,SHA256=00C5A7703BE29FF8834F9A53258CF0993A21FDE8E0ECF3EF7C31CA756B8B38D3trueMicrosoft WindowsValid 734700x80000000000000006504620Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.441{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\WindowsCodecs.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Windows Codecs LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationWindowsCodecsMD5=B791899A46FD151559658F4F86C3C6F5,SHA256=E559B36A3CC2261C16916F2D49FA351DC4E21E5EC581AC43547ABA16F70CDA7EtrueMicrosoft WindowsValid 734700x80000000000000006504540Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.440{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\DeviceSetupManager.dll10.0.14393.0 (rs1_release.160715-1616)Device Setup ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationDeviceSetupManager.dllMD5=7433474BE77F065D2FA628671FE31A3E,SHA256=063ADDC68F48036749E6EC7B2F66284DB29F90F62E9468D16B4EF5A0FDC45E35trueMicrosoft WindowsValid 734700x80000000000000006504506Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.423{4DF467A6-3F48-6132-1200-00000000F001}852C:\Windows\System32\svchost.exeC:\Windows\System32\rmclient.dll10.0.14393.4169 (rs1_release.210107-1130)Resource Manager ClientMicrosoft® Windows® Operating SystemMicrosoft Corporationrmclient.dllMD5=D3ABCEC776B1B1D7457A2E8E05F79EE3,SHA256=C368321C5BB811D937E8ABDD2BC3EB959BB8B65F49C104B5AD746129E4E5D169trueMicrosoft WindowsValid 734700x80000000000000006504484Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.423{4DF467A6-3F48-6132-1200-00000000F001}852C:\Windows\System32\svchost.exeC:\Windows\System32\das.dll10.0.14393.4169 (rs1_release.210107-1130)Device Association ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationdas.dllMD5=B889E02516F4E8363E3444456AFA4DAE,SHA256=212A4A78C22B8B97C7609EEF9C8F005798596113D8A1799D5FBCEF04D0E44EF0trueMicrosoft WindowsValid 734700x80000000000000006504457Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.461{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006504456Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.408{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\atlthunk.dll10.0.14393.2969 (rs1_release.190503-1820)atlthunk.dllMicrosoft® Windows® Operating SystemMicrosoft Corporationatlthunk.dllMD5=BECA5E9FA540246333036919A57B7AEF,SHA256=62C24B274B38A88C83EE122CB30142C2135953C1A26582AD003512B238CB7FC9trueMicrosoft WindowsValid 734700x80000000000000006504426Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.392{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\atl.dll3.05.2284ATL Module for Windows XP (Unicode)Microsoft (R) Visual C++Microsoft CorporationATL.DLLMD5=C1B73181019C1E1F28F4161B5F198B7F,SHA256=C3678504437D23910C18D3680B05B4E819A2229BDD0E1E0567186C70D814560DtrueMicrosoft WindowsValid 734700x80000000000000006504395Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.392{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\fdPnp.dll10.0.14393.4169 (rs1_release.210107-1130)Pnp Provider DllMicrosoft® Windows® Operating SystemMicrosoft CorporationfdPnp.dllMD5=23D6408C20F4A0047E5F586354492C2F,SHA256=49F69E54AA909ECFD8A463B102BE708B496AD9A1EF73BAD2C10383E234AA75B1trueMicrosoft WindowsValid 734700x80000000000000006504356Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.392{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\sti.dll10.0.14393.3442 (rs1_release.191219-1727)Still Image Devices client DLL Microsoft® Windows® Operating SystemMicrosoft CorporationSTI.DLLMD5=C756057A0E7B12B1DA677BF555513700,SHA256=FF23B7A568CB0A48C7EC53C363F6C0CEE41ACE16D04380C2B598736AA183FB1BtrueMicrosoft WindowsValid 734700x80000000000000006504353Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.392{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\sti.dll10.0.14393.3442 (rs1_release.191219-1727)Still Image Devices client DLL Microsoft® Windows® Operating SystemMicrosoft CorporationSTI.DLLMD5=C756057A0E7B12B1DA677BF555513700,SHA256=FF23B7A568CB0A48C7EC53C363F6C0CEE41ACE16D04380C2B598736AA183FB1BtrueMicrosoft WindowsValid 734700x80000000000000006504306Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.376{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\fundisc.dll10.0.14393.0 (rs1_release.160715-1616)Function Discovery DllMicrosoft® Windows® Operating SystemMicrosoft CorporationFunDisc.dllMD5=0F54ABD1EAC74FC00BED394DC7F3F682,SHA256=366EB1FCC88FA18EAFA954FBBB967B0E1383929E2FADBB54ED2174E9B07F0998trueMicrosoft WindowsValid 734700x80000000000000006504278Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.376{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\deviceassociation.dll10.0.14393.0 (rs1_release.160715-1616)Device Association Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdeviceassociation.dllMD5=68139108F7E1D4327BE76289E14C2159,SHA256=05436A7EE5EE877F3EA6B12604D41EFCE288F093AAEE03A906FB7C9A4A76DFDAtrueMicrosoft WindowsValid 734700x80000000000000006504254Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.408{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\UIRibbonRes.dll10.0.14393.2969 (rs1_release.190503-1820)Windows Ribbon Framework ResourcesMicrosoft® Windows® Operating SystemMicrosoft CorporationUIRibbonRes.dllMD5=0E292AC74DFBCBC12876A2B9F1BAD117,SHA256=058A57CF7DE921134A785903FF03CB254F07F901D9561EEFEFFA3597D0CC3BC9trueMicrosoft WindowsValid 734700x80000000000000006504251Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.376{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\wsdchngr.dll10.0.14393.0 (rs1_release.160715-1616)WSD Challenge ComponentMicrosoft® Windows® Operating SystemMicrosoft CorporationWSDChngr.dllMD5=D912A3C7773C63C885D295174FD9BE9A,SHA256=EB4E97A238C74B1DBD9D5086CC04B2922E68736AFDF60CE7989544C948D1D62EtrueMicrosoft WindowsValid 734700x80000000000000006504224Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.408{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750AtrueMicrosoft WindowsValid 734700x80000000000000006504223Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.376{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBEtrueMicrosoft WindowsValid 734700x80000000000000006504195Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.392{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\wiatrace.dll10.0.14393.0 (rs1_release.160715-1616)WIA TracingMicrosoft® Windows® Operating SystemMicrosoft CorporationWIATRACE.DLLMD5=0BC9CC67EF837471465CD54CF416FBE7,SHA256=25DB698335CEAAE5F876662E9BDB3B2AE430D3F39E87375D03DBA39728EA42CDtrueMicrosoft WindowsValid 734700x80000000000000006504190Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.392{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\xmllite.dll10.0.14393.3143 (rs1_release.190725-1725)Microsoft XmlLite LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationXmlLite.dllMD5=64E301CCFADF34810ADA8DE9DBC7720F,SHA256=6EAE1E0E610793C7DF2B27795553F377D2C4126CF74D8EE4A84DE3C3150871F8trueMicrosoft WindowsValid 734700x80000000000000006504189Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.392{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5trueMicrosoft WindowsValid 734700x80000000000000006504188Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.376{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11trueMicrosoft WindowsValid 734700x80000000000000006504187Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.376{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006504175Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.339{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\wiatrace.dll10.0.14393.0 (rs1_release.160715-1616)WIA TracingMicrosoft® Windows® Operating SystemMicrosoft CorporationWIATRACE.DLLMD5=0BC9CC67EF837471465CD54CF416FBE7,SHA256=25DB698335CEAAE5F876662E9BDB3B2AE430D3F39E87375D03DBA39728EA42CDtrueMicrosoft WindowsValid 734700x80000000000000006504161Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.345{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704trueMicrosoft WindowsValid 734700x80000000000000006504158Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.345{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575trueMicrosoft WindowsValid 734700x80000000000000006504155Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.343{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AAtrueMicrosoft WindowsValid 734700x80000000000000006504154Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.343{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\NtlmShared.dll10.0.14393.3269 (rs1_release.190929-1234)NTLM Shared FunctionalityMicrosoft® Windows® Operating SystemMicrosoft CorporationNtlmShared.dllMD5=99F4D90B3ED53855C06F856006E770D1,SHA256=A95E5823B68182C4E32CB783AD23BC4FF60690001C70E6B5E920C12740C4C37CtrueMicrosoft WindowsValid 734700x80000000000000006504152Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.343{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006504150Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.342{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\msv1_0.dll10.0.14393.3866 (rs1_release.200805-1327)Microsoft Authentication Package v1.0Microsoft® Windows® Operating SystemMicrosoft CorporationMSV1_0.DLLMD5=2A725546D9B1F9DB4974A2EA4225D0A8,SHA256=46AD1AC8C7DB7D21E8F41EFC734B855CEE566CB58F8FB825775490DC5DE89C94trueMicrosoft WindowsValid 734700x80000000000000006504142Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\wiaservc.dll10.0.14393.3866 (rs1_release.200805-1327)Still Image Devices ServiceMicrosoft® Windows® Operating SystemMicrosoft CorporationWIASERVC.DLLMD5=BB702BDEC5677293ABE6874EF5814915,SHA256=2685CC5420C1C5BC52C4C97F852BDA202B8006B82295CB45CD9AEC5EF0ED840AtrueMicrosoft WindowsValid 734700x80000000000000006504126Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.341{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006504122Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.341{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006504116Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\wintrust.dll10.0.14393.4530 (rs1_release.210705-0736)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=992BCD32EF7680C574A426FAA4933ACA,SHA256=5755AC46B4220784A6E6AC12A755CC10892A5AE59B67924576075A1A29D68B3DtrueMicrosoft WindowsValid 734700x80000000000000006504115Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242trueMicrosoft WindowsValid 734700x80000000000000006504114Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FAtrueMicrosoft WindowsValid 734700x80000000000000006504113Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\wldp.dll10.0.14393.3143 (rs1_release.190725-1725)Windows Lockdown PolicyMicrosoft® Windows® Operating SystemMicrosoft Corporationwldp.dllMD5=51A0208B106B4392AC4B3174B27A39EF,SHA256=EA9955976994C44DC091A07C69E9C863A4D5A960900019D3C4136BDFD1F885D4trueMicrosoft WindowsValid 734700x80000000000000006504112Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5trueMicrosoft WindowsValid 734700x80000000000000006504111Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006504110Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006504109Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006504108Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006504107Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006504106Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006504105Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006504104Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006504103Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006504101Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006504099Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006504097Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.308{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006504088Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.308{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeMD5=36F670D89040709013F6A460176767EC,SHA256=438B6CCD84F4DD32D9684ED7D58FD7D1E5A75FE3F3D12AB6C788E6BB0FFAD5E7trueMicrosoft Windows PublisherValid 734700x80000000000000006504086Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.308{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006504077Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.308{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006504068Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.308{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006504067Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.308{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006504065Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.308{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006504059Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.245{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\WinTypes.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Base Types DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWinTypes.dllMD5=9F209F29ABFF007F55328BCC36367005,SHA256=7F2CBE9B349062DFD782032D50C335E6C292EC5F509746941982A7161F24ED84trueMicrosoft WindowsValid 734700x80000000000000006504033Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.245{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006504032Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.245{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19trueMicrosoft WindowsValid 734700x80000000000000006504031Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.245{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\mpr.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Multiple Provider Router DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmpr.dllMD5=0E56DB60C434D51769F2DAC48B9AA686,SHA256=3F9AED98B1B7F6A59C219F622FD91C7FD20BFE280935F5334920A02ECCAE7ED6trueMicrosoft WindowsValid 734700x80000000000000006504029Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.245{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\efswrt.dll10.0.14393.4169 (rs1_release.210107-1130)Storage Protection Windows Runtime DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationefswrt.dllMD5=3B52E3346B479665AF22772F7A8A5DA5,SHA256=8844843BDEF197239497BDAEAAFE821B7C28D5B6E13DCF4F6F0B8B3A233EF813trueMicrosoft WindowsValid 734700x80000000000000006504028Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.245{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\xmllite.dll10.0.14393.3143 (rs1_release.190725-1725)Microsoft XmlLite LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationXmlLite.dllMD5=64E301CCFADF34810ADA8DE9DBC7720F,SHA256=6EAE1E0E610793C7DF2B27795553F377D2C4126CF74D8EE4A84DE3C3150871F8trueMicrosoft WindowsValid 734700x80000000000000006504027Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.245{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\UIRibbon.dll10.0.14393.2969 (rs1_release.190503-1820)Windows Ribbon FrameworkMicrosoft® Windows® Operating SystemMicrosoft CorporationUIRibbon.dllMD5=9D1DA01AD4A8FE3EB9A3AA8C624A3D17,SHA256=CCBCB2185E26DFDCA2F4E1602C30F5765EC1513CCCEE0B78EB4DD8A5E881D6EEtrueMicrosoft WindowsValid 734700x80000000000000006504018Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.208{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006503907Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.208{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\msftedit.dll10.0.14393.4169 (rs1_release.210107-1130)Rich Text Edit Control, v8.5Microsoft® Windows® Operating SystemMicrosoft CorporationMsftEdit.DLLMD5=0278F6675C79A2013494CDDDCFD6C7B3,SHA256=14F536EB288788586C90DE568BAB6C113D3F4CCD0EE732A17D438A23B225720AtrueMicrosoft WindowsValid 734700x80000000000000006503906Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.177{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\msctf.dll10.0.14393.4530 (rs1_release.210705-0736)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=E2374A214A9F0C8347C29EBDE3447986,SHA256=F2260FE7E0C4E92D49CF0F550E2A1B3D3F1D2D76E6F5C8F16B0E16B6117D9EE1trueMicrosoft WindowsValid 734700x80000000000000006503903Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.177{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006503902Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.177{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.4530_none_aec97a71ddd5fa56\GdiPlus.dll10.0.14393.4530 (rs1_release.210705-0736)Microsoft GDI+Microsoft® Windows® Operating SystemMicrosoft CorporationgdiplusMD5=D1F325FD8BA2F0AA9F853CB05DBDE6F6,SHA256=ED1FDCE716A2D5E0703DEBAE0E272BAA49C750B31773E9C0ADFCF5F9758F9350trueMicrosoft WindowsValid 734700x80000000000000006503899Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.177{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\feclient.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT File Encryption Client InterfacesMicrosoft® Windows® Operating SystemMicrosoft CorporationFECLIENT.DLLMD5=AFCC2CA506D4A09F7D8B79BBF7D2CF1E,SHA256=6616D794EC0DE4CE7A99451AA5B299CEE213618D8F0854D1D6987862472FAD6BtrueMicrosoft WindowsValid 734700x80000000000000006503876Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.177{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValid 734700x80000000000000006503873Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.177{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1CtrueMicrosoft WindowsValid 734700x80000000000000006503872Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.177{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1CtrueMicrosoft WindowsValid 734700x80000000000000006503871Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.161{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36trueMicrosoft WindowsValid 734700x80000000000000006503870Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.161{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87trueMicrosoft WindowsValid 734700x80000000000000006503869Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.161{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899trueMicrosoft WindowsValid 734700x80000000000000006503868Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.161{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006503867Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.161{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575trueMicrosoft WindowsValid 734700x80000000000000006503866Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.161{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\windows.storage.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=1D7997E3AFC26B85024D33F835E18056,SHA256=B2376967E156D4971FB66059F6367030AF937943D2EBF80AF856E643B6E95BBFtrueMicrosoft WindowsValid 734700x80000000000000006503865Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.108{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704trueMicrosoft WindowsValid 734700x80000000000000006503864Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.108{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\shell32.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=837B8644B9CE47EC28152E7D764886E0,SHA256=C5BA64473FB38E6B4592EAFA642AF82715CBC676190985D8D8D4150CE840044FtrueMicrosoft WindowsValid 734700x80000000000000006506445Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.974{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\servicing\CbsApi.dll10.0.14393.0 (rs1_release.160715-1616)Component Based Servicing API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcbsapi.dllMD5=176E556358F4F4868397D080CA660F6E,SHA256=A41CED61F2C7E67FE65397F9AC037EF0C720A168C183C647F8FAD07A8DA0B6AEtrueMicrosoft WindowsValid 734700x80000000000000006506444Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.974{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\servicing\CbsApi.dll10.0.14393.0 (rs1_release.160715-1616)Component Based Servicing API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcbsapi.dllMD5=176E556358F4F4868397D080CA660F6E,SHA256=A41CED61F2C7E67FE65397F9AC037EF0C720A168C183C647F8FAD07A8DA0B6AEtrueMicrosoft WindowsValid 734700x80000000000000006506443Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.974{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006506441Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.974{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006506440Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.974{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006506439Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.974{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006506438Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.974{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006506437Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.974{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006506435Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.974{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006506434Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.974{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006506433Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.974{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006506432Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.974{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006506431Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.974{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\wdscore.dll10.0.14393.4222 (rs1_release.210113-1739)Panther Engine ModuleMicrosoft® Windows® Operating SystemMicrosoft CorporationWDSCORE.DLLMD5=98DE446AA9B3B6CEBE69CD86215D843C,SHA256=2D15FB7CC3A7DB626F3F9522B0C3EF8995919EC9775DA171A5F755A690FDAE97trueMicrosoft WindowsValid 734700x80000000000000006506429Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.959{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006506428Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.959{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006506427Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.959{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006506426Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.959{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006506425Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.959{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006506424Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.959{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006506423Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.959{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006506422Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.959{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006506421Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.959{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006506420Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.959{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006506419Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.959{4DF467A6-4386-613A-27FB-00000000F001}6376C:\Windows\servicing\TrustedInstaller.exeC:\Windows\servicing\TrustedInstaller.exe10.0.14393.3564 (rs1_release.200303-1942)Windows Modules InstallerMicrosoft® Windows® Operating SystemMicrosoft CorporationTrustedInstaller.exeMD5=187076E4BC7B2F5FB7D54D1234B3CDEA,SHA256=7AE4CC64E2F0E5C58ABB6542233DA78B9AEAAD22C9D853AB96265EF3FBFEFABEtrueMicrosoft WindowsValid 734700x80000000000000006506291Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.743{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\msi.dll5.0.14393.4530Windows InstallerWindows Installer - UnicodeMicrosoft Corporationmsi.dllMD5=4479EEB5C5400D4C084274BA015750FA,SHA256=6B30AE7147132038E603EEB2D35C35BB3D03EC5AFA560D31969E2D39A44ACDCDtrueMicrosoft WindowsValid 734700x80000000000000006506054Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.522{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\dispci.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft Display Class InstallerMicrosoft® Windows® Operating SystemMicrosoft CorporationDispCI.dllMD5=78287C2EB0594C1FD9657775646CC907,SHA256=F2F5C8F3FE65081E397A6394B328E3175DB0F91B7C067A4D1AB9525869A2B094trueMicrosoft WindowsValid 734700x80000000000000006505593Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.444{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006505585Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:26.442{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\webservices.dll10.0.14393.2312 (rs1_release.180607-1919)Windows Web Services RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationWebServices.dllMD5=3EE43755685D59060FAC0E2F09D67686,SHA256=BF80D9B840C28BC4E8FE9A4E6DBCCCAEE37A108F83428ABA1DD780D5312369D8trueMicrosoft WindowsValid 734700x80000000000000006506692Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.205{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\msxml6.dll6.30.14393.4530MSXML 6.0Microsoft XML Core ServicesMicrosoft CorporationMSXML6.dllMD5=10A0259030F41545ECAFB6A595F7C457,SHA256=CF160C3ADCE5AA2357697A02C6FC38071CBE1818B036F1C67F746868EB7F814DtrueMicrosoft WindowsValid 734700x80000000000000006506509Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.090{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\drupdate.dll10.0.14393.4222 (rs1_release.210113-1739)Driver ServicingMicrosoft® Windows® Operating SystemMicrosoft Corporationdrupdate.dllMD5=89A624107773DCDD4905048FC65B0500,SHA256=5773E23363DDA9CD12CFF5B5892B892658C667A7AB90C1CBD00C7547F76CF2A5trueMicrosoft WindowsValid 734700x80000000000000006506508Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.074{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\wcp.dll10.0.14393.4349 (rs1_release.210331-1403)Windows Componentization Platform Servicing APIMicrosoft® Windows® Operating SystemMicrosoft Corporationwcp.dllMD5=01573760EC093605F06B802636B2EE18,SHA256=E07A79DEC5CAA5D3610C34C73F3EF982568BB0E645CF9837317ADA95BA14B18FtrueMicrosoft WindowsValid 734700x80000000000000006506507Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.058{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\dpx.dll5.00 (rs1_release.210331-1403)Microsoft(R) Delta Package ExpanderMicrosoft® Windows® Operating SystemMicrosoft Corporationdpx.dllMD5=291F688223AD6EAC661926BEE3EDB518,SHA256=D07A80DC90553BB8A41EAAA71326C8161A947E4097A27B07435ABD561BE35F3FtrueMicrosoft WindowsValid 734700x80000000000000006506502Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.043{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84BtrueMicrosoft WindowsValid 734700x80000000000000006506482Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.043{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\wintrust.dll10.0.14393.4530 (rs1_release.210705-0736)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=992BCD32EF7680C574A426FAA4933ACA,SHA256=5755AC46B4220784A6E6AC12A755CC10892A5AE59B67924576075A1A29D68B3DtrueMicrosoft WindowsValid 734700x80000000000000006506481Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.043{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBEtrueMicrosoft WindowsValid 734700x80000000000000006506480Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.043{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\sqmapi.dll10.0.14393.0 (rs1_release.160715-1616)SQM ClientMicrosoft® Windows® Operating SystemMicrosoft Corporationsqmapi.dllMD5=D4EBE3E757147E481CF5077084FBB133,SHA256=177FC35DEA1DCE2F851BD94A76CD8C2FE5A91E49C596A0EB842F6AFFA702437EtrueMicrosoft WindowsValid 734700x80000000000000006506478Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.043{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006506477Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.043{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899trueMicrosoft WindowsValid 734700x80000000000000006506476Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.043{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242trueMicrosoft WindowsValid 734700x80000000000000006506475Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.043{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FAtrueMicrosoft WindowsValid 734700x80000000000000006506474Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.043{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006506473Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.043{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176trueMicrosoft WindowsValid 734700x80000000000000006506472Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.043{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704trueMicrosoft WindowsValid 734700x80000000000000006506471Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.043{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006506470Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.043{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\CbsCore.dll10.0.14393.4349 (rs1_release.210331-1403)Component Based Servicing Core DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcbscore.dllMD5=531891F2641C8CB44F5B80949B89C8BC,SHA256=9CE6249F0358BF965D55B1AA1D589F989EF092FE4044A1BDC019D7EC8DF19D63trueMicrosoft WindowsValid 734700x80000000000000006506469Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\servicing\CbsApi.dll10.0.14393.0 (rs1_release.160715-1616)Component Based Servicing API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcbsapi.dllMD5=176E556358F4F4868397D080CA660F6E,SHA256=A41CED61F2C7E67FE65397F9AC037EF0C720A168C183C647F8FAD07A8DA0B6AEtrueMicrosoft WindowsValid 734700x80000000000000006506468Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006506466Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006506465Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006506464Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006506463Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006506462Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006506461Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\wdscore.dll10.0.14393.4222 (rs1_release.210113-1739)Panther Engine ModuleMicrosoft® Windows® Operating SystemMicrosoft CorporationWDSCORE.DLLMD5=98DE446AA9B3B6CEBE69CD86215D843C,SHA256=2D15FB7CC3A7DB626F3F9522B0C3EF8995919EC9775DA171A5F755A690FDAE97trueMicrosoft WindowsValid 734700x80000000000000006506460Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006506459Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006506458Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006506457Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006506456Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006506455Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006506454Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006506453Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006506452Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006506451Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe10.0.14393.4222 (rs1_release.210113-1739)Windows Modules Installer WorkerMicrosoft® Windows® Operating SystemMicrosoft CorporationTiWorker.exeMD5=1571A4132449A317F66DF783E9468783,SHA256=5CFF48937FAE7F0CF5935248959141E2A60E88FE8105C43676B866FDAC36ADD2trueMicrosoft WindowsValid 734700x80000000000000006506807Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:28.544{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\wer.dll10.0.14393.4402 (rs1_release.210426-1725)Windows Error Reporting DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwer.dllMD5=65C4FEDB972CDE71C2AF0F5AFA1C1C15,SHA256=63C1A7AC782F15980F47972E5B481C2E80EBCD1A2A497EAE93F469BD266CC638trueMicrosoft WindowsValid 734700x80000000000000006506782Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:28.544{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\DeviceMetadataRetrievalClient.dll10.0.14393.4169 (rs1_release.210107-1130)Windows MRCMicrosoft® Windows® Operating SystemMicrosoft CorporationMRC.DLLMD5=4C6C39DEFDCA41A4FD30B2F7532EB22B,SHA256=F482AE4355C9425DBA719E102AC9FE7EBAF352578B6A5ACAA2832CFDC8B8C384trueMicrosoft WindowsValid 734700x80000000000000006506755Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:28.513{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\DDORes.dll10.0.14393.0 (rs1_release.160715-1616)Device Category information and resourcesMicrosoft® Windows® Operating SystemMicrosoft CorporationDeviceCategories.dllMD5=4D558BCF2062138ADC52D6A9297A9732,SHA256=D03BD3F1B5664492E360851297C0347B1E6973C157343E2B144B343C0FABB14CtrueMicrosoft WindowsValid 734700x80000000000000006507335Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.368{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006507306Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.315{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\mpr.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Multiple Provider Router DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmpr.dllMD5=0E56DB60C434D51769F2DAC48B9AA686,SHA256=3F9AED98B1B7F6A59C219F622FD91C7FD20BFE280935F5334920A02ECCAE7ED6trueMicrosoft WindowsValid 734700x80000000000000006507287Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValid 734700x80000000000000006507262Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.331{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19trueMicrosoft WindowsValid 734700x80000000000000006507258Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36trueMicrosoft WindowsValid 734700x80000000000000006507218Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.315{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\WinTypes.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Base Types DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWinTypes.dllMD5=9F209F29ABFF007F55328BCC36367005,SHA256=7F2CBE9B349062DFD782032D50C335E6C292EC5F509746941982A7161F24ED84trueMicrosoft WindowsValid 734700x80000000000000006507212Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.315{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\efswrt.dll10.0.14393.4169 (rs1_release.210107-1130)Storage Protection Windows Runtime DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationefswrt.dllMD5=3B52E3346B479665AF22772F7A8A5DA5,SHA256=8844843BDEF197239497BDAEAAFE821B7C28D5B6E13DCF4F6F0B8B3A233EF813trueMicrosoft WindowsValid 734700x80000000000000006507210Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.315{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006507199Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575trueMicrosoft WindowsValid 734700x80000000000000006507170Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.315{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750AtrueMicrosoft WindowsValid 734700x80000000000000006507168Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.315{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\msctf.dll10.0.14393.4530 (rs1_release.210705-0736)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=E2374A214A9F0C8347C29EBDE3447986,SHA256=F2260FE7E0C4E92D49CF0F550E2A1B3D3F1D2D76E6F5C8F16B0E16B6117D9EE1trueMicrosoft WindowsValid 734700x80000000000000006507165Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430DtrueMicrosoft WindowsValid 734700x80000000000000006507141Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006507133Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006507132Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006507131Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=1D608361848C3A3AC56488995E8D0BB1,SHA256=D95DE5DBAD08E22CB0CFB9322220E752F16124C15867F7748E4D64795E400EBFtrueMicrosoft WindowsValid 734700x80000000000000006507130Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006507129Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\urlmon.dll11.00.14393.4530 (rs1_release.210705-0736)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=B63DBDFEC215CF37259DC4A88ADBD0E7,SHA256=67B02F3DE0AF36E76C2D259CE7833EDA4FE33D935538E8A4C1E7E82130870FC1trueMicrosoft WindowsValid 734700x80000000000000006507128Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006507127Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\feclient.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT File Encryption Client InterfacesMicrosoft® Windows® Operating SystemMicrosoft CorporationFECLIENT.DLLMD5=AFCC2CA506D4A09F7D8B79BBF7D2CF1E,SHA256=6616D794EC0DE4CE7A99451AA5B299CEE213618D8F0854D1D6987862472FAD6BtrueMicrosoft WindowsValid 734700x80000000000000006507125Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899trueMicrosoft WindowsValid 734700x80000000000000006507124Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006507123Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\windows.storage.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=1D7997E3AFC26B85024D33F835E18056,SHA256=B2376967E156D4971FB66059F6367030AF937943D2EBF80AF856E643B6E95BBFtrueMicrosoft WindowsValid 734700x80000000000000006507122Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.284{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\notepad.exe10.0.14393.4169 (rs1_release.210107-1130)NotepadMicrosoft® Windows® Operating SystemMicrosoft CorporationNOTEPAD.EXEMD5=BA78FCF8CA9D806C6C047357E31748DE,SHA256=34A07759492E31AEC2A009505FE8DFB50242375C4308AD4657B2872F4F75A077trueMicrosoft WindowsValid 734700x80000000000000006507112Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704trueMicrosoft WindowsValid 734700x80000000000000006507102Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\shell32.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=837B8644B9CE47EC28152E7D764886E0,SHA256=C5BA64473FB38E6B4592EAFA642AF82715CBC676190985D8D8D4150CE840044FtrueMicrosoft WindowsValid 734700x80000000000000006507096Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CAtrueMicrosoft WindowsValid 734700x80000000000000006507095Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5trueMicrosoft WindowsValid 734700x80000000000000006507094Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\comdlg32.dll10.0.14393.4283 (rs1_release.210303-1802)Common Dialogs DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcomdlg32.dllMD5=0DB1A588A248E852AD781AE14333A5C6,SHA256=6F9C36C2663B90439A1AEE74855C521FCBBDB8C7B88382C9464906F1691F65F6trueMicrosoft WindowsValid 734700x80000000000000006507093Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006507092Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006507091Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006507090Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006507088Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006507087Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006507086Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006507085Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006507084Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006507083Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006507082Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006507076Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.284{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006507075Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.284{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006507068Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.284{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006507065Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.284{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006507059Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.284{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006507602Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:52.649{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\wpdshext.dll10.0.14393.4169 (rs1_release.210107-1130)Portable Devices Shell ExtensionMicrosoft® Windows® Operating SystemMicrosoft CorporationWpdShExt.dllMD5=CEB555E9099888316A1E2ADE83BA82BF,SHA256=4110FFD5F08100D1F6E1005E2907460E40B3221A0833B821BE291657416E89F0trueMicrosoft WindowsValid 734700x80000000000000006507599Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:52.516{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\mydocs.dll10.0.14393.4169 (rs1_release.210107-1130)My Documents Folder UIMicrosoft® Windows® Operating SystemMicrosoft Corporationmydocs.dllMD5=999FD44CF5713852E6083A43A7917761,SHA256=D5C75951C29B7F0AAA4EC9E9AB3195933E650C1F171092F389FD4DB66CA1CA20trueMicrosoft WindowsValid 734700x80000000000000006507597Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:52.516{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\sendmail.dll10.0.14393.4169 (rs1_release.210107-1130)Send MailMicrosoft® Windows® Operating SystemMicrosoft CorporationSENDMAIL.DLLMD5=04626525E567811FC7ECB3E31D94F8B0,SHA256=678A3A9DD713DC61F72112BD3160B8753F1A50D1179FDFABD265C32103980A6AtrueMicrosoft WindowsValid 734700x80000000000000006507580Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:52.501{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\wshext.dll5.812.10240.16384Microsoft ® Shell Extension for Windows Script HostMicrosoft ® Windows Script HostMicrosoft Corporationwshext.dllMD5=BA425FEBA35E20778ADB8FAF7268D8A0,SHA256=3A2F8057B4312BE9389CB86C8C3FA8BA3A590E3CE811AB163D77159DB095AA41trueMicrosoft WindowsValid 734700x80000000000000006507649Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.414{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\wininet.dll11.00.14393.4583 (rs1_release.210730-1850)Internet Extensions for Win32Internet ExplorerMicrosoft Corporationwininet.dllMD5=524876363DA8F469C13E0818256B6131,SHA256=DAA85FEAB4553D9A203A85A58C8CB26A2784E0D33226B41AAE98471DAE75C035trueMicrosoft WindowsValid 734700x80000000000000006507648Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006507647Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006507646Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006507645Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006507644Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msimg32.dll10.0.14393.0 (rs1_release.160715-1616)GDIEXT Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationgdiextMD5=78DA58DF85F86CA61E5EAFB9EF0A83BE,SHA256=3216205F5C355D582EC4B902651B62E1FF3EFFDCA40BC849D474F13F1325E962trueMicrosoft WindowsValid 734700x80000000000000006507643Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\comdlg32.dll10.0.14393.4283 (rs1_release.210303-1802)Common Dialogs DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcomdlg32.dllMD5=0DB1A588A248E852AD781AE14333A5C6,SHA256=6F9C36C2663B90439A1AEE74855C521FCBBDB8C7B88382C9464906F1691F65F6trueMicrosoft WindowsValid 734700x80000000000000006507642Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\SensApi.dll10.0.14393.0 (rs1_release.160715-1616)SENS Connectivity API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSensApi.dllMD5=DF734E991C205DC633582B8B5AD0E030,SHA256=68282D0183F3E580EF854BA0EA43686B9CD2ABA8DE61CD867224AC29C237E364trueMicrosoft WindowsValid 734700x80000000000000006507641Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValid 734700x80000000000000006507640Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\wintrust.dll10.0.14393.4530 (rs1_release.210705-0736)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=992BCD32EF7680C574A426FAA4933ACA,SHA256=5755AC46B4220784A6E6AC12A755CC10892A5AE59B67924576075A1A29D68B3DtrueMicrosoft WindowsValid 734700x80000000000000006507639Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5trueMicrosoft WindowsValid 734700x80000000000000006507638Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242trueMicrosoft WindowsValid 734700x80000000000000006507637Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006507636Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FAtrueMicrosoft WindowsValid 734700x80000000000000006507635Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899trueMicrosoft WindowsValid 734700x80000000000000006507634Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430DtrueMicrosoft WindowsValid 734700x80000000000000006507633Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006507632Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006507631Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006507630Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575trueMicrosoft WindowsValid 734700x80000000000000006507629Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\windows.storage.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=1D7997E3AFC26B85024D33F835E18056,SHA256=B2376967E156D4971FB66059F6367030AF937943D2EBF80AF856E643B6E95BBFtrueMicrosoft WindowsValid 734700x80000000000000006507628Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704trueMicrosoft WindowsValid 734700x80000000000000006507627Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\shell32.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=837B8644B9CE47EC28152E7D764886E0,SHA256=C5BA64473FB38E6B4592EAFA642AF82715CBC676190985D8D8D4150CE840044FtrueMicrosoft WindowsValid 734700x80000000000000006507626Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006507625Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006507624Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006507623Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006507622Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006507621Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006507620Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006507619Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006507618Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006507617Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5trueMicrosoft WindowsValid 734700x80000000000000006507616Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CAtrueMicrosoft WindowsValid 734700x80000000000000006507615Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006507614Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006507613Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006507612Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:54.383{4DF467A6-43A2-613A-2AFB-00000000F001}7368C:\Program Files\Notepad++\notepad++.exeC:\Program Files\Notepad++\notepad++.exe8.14Notepad++ : a free (GPL) source code editorNotepad++Don HO don.h@free.frnotepad++.exeMD5=8D93FF22077355875C7BC59CEBE98B4F,SHA256=A345288CDF2B0A43B64E0C3264FC2839A76C98835CAC1A1920D68E21DD444EB3trueNotepad++Valid 734700x80000000000000006507878Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.890{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006507877Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.890{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006507876Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.890{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006507874Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.890{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006507872Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006507871Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006507870Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006507869Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006507868Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006507867Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006507866Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006507865Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006507864Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006507863Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006507862Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006507861Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006507860Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006507859Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006507858Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006507857Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006507856Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006507855Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006507854Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006507853Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006507852Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006507851Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006507850Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006507849Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006507848Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006507847Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006507846Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006507845Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006507844Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006507843Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006507842Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006507840Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006507839Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006507838Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006507837Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006507826Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.343{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006507825Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.343{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006507824Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.343{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006507819Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006507798Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006507796Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006507794Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006507792Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006507791Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006507790Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006507789Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006507788Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006507787Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006507786Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006507785Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006507784Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006507783Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006507782Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006507781Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006507780Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006507779Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006507778Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006507777Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006507776Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006507775Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006507774Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006507773Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006507772Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006507771Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006507770Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006507769Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006507768Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006507767Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006507766Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006507765Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006507764Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006507763Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006507762Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006507761Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006507760Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006507759Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006507758Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006507757Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006507755Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006507754Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006507753Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006507752Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006507946Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.719{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006507944Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.704{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006507943Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.704{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006507942Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.588{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006507941Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.588{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006507940Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.588{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006507938Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.588{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006507936Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006507935Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006507934Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006507933Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006507932Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006507931Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006507930Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006507929Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006507928Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006507927Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006507926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006507925Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006507924Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006507923Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006507922Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006507921Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006507920Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006507919Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006507918Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006507917Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006507916Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006507915Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006507914Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006507913Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006507912Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006507911Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006507910Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006507909Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006507908Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006507907Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006507906Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006507905Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006507904Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006507902Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006507901Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006507900Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.573{4DF467A6-43AB-613A-2DFB-00000000F001}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006507882Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.005{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006507880Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.005{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006507879Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:03.005{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006508064Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.986{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006508063Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.986{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006508062Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.986{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006508060Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.986{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006508058Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.986{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006508057Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.986{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006508056Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.986{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006508055Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.986{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006508054Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006508053Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006508052Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006508051Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006508050Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006508049Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006508048Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006508047Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006508046Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006508045Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006508044Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006508043Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006508042Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006508041Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006508040Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006508039Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006508038Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006508037Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006508036Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006508035Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006508034Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006508033Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006508032Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006508031Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006508030Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006508029Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006508028Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006508027Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006508025Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006508024Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006508023Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006508022Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006508007Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.418{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006508005Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.418{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006508004Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.418{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006507999Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.287{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006507998Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.287{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006507997Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.287{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006507995Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.287{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006507993Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006507992Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006507991Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006507990Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006507989Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006507988Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006507987Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006507986Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006507985Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006507984Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006507983Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006507982Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006507981Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006507980Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006507979Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006507978Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006507977Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006507976Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006507975Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006507974Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006507973Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006507972Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006507971Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006507970Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006507969Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006507968Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006507967Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006507966Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006507965Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006507964Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006507963Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006507961Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006507960Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006507959Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006507958Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006508129Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.801{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006508128Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.801{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006508127Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.801{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006508126Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.685{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006508125Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.685{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006508124Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.685{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006508122Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.685{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006508120Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006508119Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006508118Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006508117Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006508116Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006508115Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006508114Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006508113Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006508112Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006508111Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006508110Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006508109Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006508108Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006508107Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006508106Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006508105Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006508104Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006508103Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006508102Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006508101Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006508100Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006508099Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006508098Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006508097Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006508096Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006508095Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006508094Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006508093Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006508092Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006508091Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006508090Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006508089Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006508087Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006508086Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006508085Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006508084Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.670{4DF467A6-43AD-613A-30FB-00000000F001}6108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006508066Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.117{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006508065Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:05.102{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006508191Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.500{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006508190Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.500{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006508189Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.500{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006508184Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006508183Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006508182Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006508180Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006508178Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006508177Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006508176Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006508175Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006508174Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006508173Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006508172Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006508171Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006508170Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006508169Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006508168Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006508167Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006508166Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006508165Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006508164Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006508163Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006508162Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006508161Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006508160Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006508159Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006508158Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006508157Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006508156Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006508155Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006508154Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006508153Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006508152Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006508151Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006508150Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006508149Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006508148Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.337{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006508147Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.337{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006508145Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.337{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006508144Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.337{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006508143Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.337{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006508142Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.337{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006508632Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.901{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006508631Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.900{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006508630Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.900{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006508628Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.899{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006508626Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.898{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006508625Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.897{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006508624Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.897{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006508623Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.897{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006508622Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006508621Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006508620Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006508619Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006508618Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006508617Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006508616Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006508615Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006508614Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006508613Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006508612Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006508611Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006508610Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006508609Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006508608Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006508607Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006508606Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006508605Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006508604Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006508603Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006508602Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006508601Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006508600Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006508599Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006508598Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006508597Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006508596Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006508595Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006508594Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006508593Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006508592Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006508591Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006508589Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006508588Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006508587Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006508586Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006508574Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.336{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006508572Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.336{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006508571Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.336{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006508570Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.205{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006508569Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.205{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006508568Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.205{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006508566Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.205{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006508564Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.205{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006508563Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.205{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006508562Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.205{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006508561Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.205{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006508560Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.205{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006508559Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.205{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006508558Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.205{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006508557Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.205{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006508556Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.205{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006508555Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.204{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006508554Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.204{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006508553Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.204{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006508552Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.204{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006508551Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.204{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006508550Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.203{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006508549Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.203{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006508548Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.203{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006508547Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.203{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006508546Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.203{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006508545Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.203{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006508544Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.203{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006508543Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.203{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006508542Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.202{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006508541Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.202{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006508540Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.202{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006508539Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.202{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006508538Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.202{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006508537Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.202{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006508536Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.202{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006508535Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.202{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006508534Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.201{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006508532Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.200{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006508531Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.200{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006508530Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.199{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006508529Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.184{4DF467A6-43E6-613A-32FB-00000000F001}2220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006508697Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.703{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006508695Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.703{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006508694Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.703{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006508693Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.582{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006508692Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.582{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006508691Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.582{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006508689Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.582{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006508687Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006508686Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006508685Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006508684Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006508683Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006508682Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006508681Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006508680Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006508679Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006508678Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006508677Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006508676Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006508675Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006508674Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006508673Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006508672Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006508671Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006508670Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006508669Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006508668Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006508667Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006508666Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006508665Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006508664Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006508663Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006508662Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006508661Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006508660Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006508659Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006508658Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006508657Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006508655Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006508654Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006508653Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006508652Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006508635Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.020{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006508634Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.020{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006508633Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.020{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006508814Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.902{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006508813Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.902{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006508812Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.902{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006508810Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.902{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006508808Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.902{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006508807Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.902{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006508806Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.902{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006508805Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.902{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006508804Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.898{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006508803Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.898{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006508802Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.898{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006508801Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.898{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006508800Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.897{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006508799Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.897{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006508798Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.897{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006508797Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.896{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006508796Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.896{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006508795Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.896{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006508794Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.896{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006508793Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.896{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006508792Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006508791Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006508790Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006508789Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006508788Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006508787Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006508786Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006508785Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006508784Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006508783Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006508782Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006508781Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006508780Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006508779Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006508778Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006508777Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006508775Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006508774Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006508773Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006508772Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006508756Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.403{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006508755Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.403{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006508750Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.281{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006508749Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.281{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006508748Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.281{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006508746Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.281{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006508744Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.281{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006508743Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.281{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006508742Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.281{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006508741Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.281{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006508740Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006508739Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006508738Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006508737Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006508736Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006508735Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006508734Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006508733Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006508732Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006508731Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006508730Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006508729Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006508728Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006508727Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006508726Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006508725Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006508724Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006508723Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006508722Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006508721Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006508720Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006508719Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006508718Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006508717Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006508716Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006508715Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006508714Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006508713Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006508711Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006508710Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006508709Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006508708Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.266{4DF467A6-43E8-613A-35FB-00000000F001}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006508878Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.879{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006508877Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.879{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006508875Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.879{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006508872Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.879{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006508870Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.879{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006508869Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.879{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006508868Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.879{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006508867Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.879{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006508866Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006508865Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006508864Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006508863Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006508862Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006508861Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006508860Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006508859Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006508858Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006508857Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006508856Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006508855Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006508854Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006508853Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006508852Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006508851Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006508850Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006508849Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006508848Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006508847Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006508846Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006508845Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006508844Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006508843Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006508842Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006508841Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006508840Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006508839Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006508833Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006508832Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006508831Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006508830Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006508817Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.033{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006508816Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.033{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006508815Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.033{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006508938Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.715{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006508937Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.699{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006508936Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.699{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006508935Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.578{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006508934Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.578{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006508933Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.578{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006508931Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.578{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006508929Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.578{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006508928Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.578{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006508927Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006508926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006508925Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006508924Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006508923Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006508922Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006508921Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006508920Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006508919Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006508918Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006508917Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006508916Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006508915Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006508914Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006508913Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006508912Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006508911Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006508910Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006508909Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006508908Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006508907Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006508906Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006508905Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006508904Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006508903Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006508902Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006508901Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006508900Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006508899Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006508898Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006508896Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006508895Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006508894Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006508893Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006508882Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.016{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006508880Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.000{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006508879Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.000{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006509309Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.813{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\thumbcache.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Thumbnail CacheMicrosoft® Windows® Operating SystemMicrosoft Corporationthumbcache.dllMD5=C146766884A92B154F2EB38463F2263D,SHA256=48C5CC7760187EDB140A904D3AC5FD24F740973CDBA07962047859F84E7BEB9CtrueMicrosoft WindowsValid 734700x80000000000000006509279Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.813{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006509278Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.813{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006509277Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.813{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36trueMicrosoft WindowsValid 734700x80000000000000006509274Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.813{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430DtrueMicrosoft WindowsValid 734700x80000000000000006509270Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.813{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006509269Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.813{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValid 734700x80000000000000006509266Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.813{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006509265Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.813{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006509264Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.813{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006509263Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.813{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006509262Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.813{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006509260Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.798{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006509259Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.798{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006509258Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.798{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006509257Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.798{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006509256Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.798{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006509255Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.798{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006509254Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.798{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006509252Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.798{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006509251Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.798{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006509250Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.798{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006509249Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:23.798{4DF467A6-43FB-613A-39FB-00000000F001}7820C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeMD5=DA63852A2B0340E94D74EAF0CD444979,SHA256=EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164EtrueMicrosoft WindowsValid 734700x80000000000000006509748Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006509747Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006509746Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006509744Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006509742Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006509741Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006509740Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006509739Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006509738Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006509737Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006509736Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006509735Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006509734Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006509733Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006509732Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006509731Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006509730Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006509729Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006509728Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006509727Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006509726Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006509725Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006509724Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006509723Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006509722Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006509721Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006509720Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006509719Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006509718Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006509717Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006509716Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006509715Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006509714Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006509713Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.902{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006509712Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.886{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006509710Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.886{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006509709Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.886{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006509708Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.886{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006509707Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.886{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006509694Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.349{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006509693Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.334{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006509692Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.334{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006509691Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.218{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006509690Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.218{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006509689Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.218{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006509687Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.218{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006509685Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.218{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006509684Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.218{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006509683Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.218{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006509682Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.218{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006509681Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006509680Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006509679Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006509678Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006509677Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006509676Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006509675Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006509674Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006509673Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006509672Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006509671Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006509670Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006509669Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006509668Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006509667Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006509666Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006509665Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006509664Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006509663Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006509662Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006509661Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006509660Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006509659Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006509658Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006509657Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006509656Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006509655Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006509654Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006509652Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006509651Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006509650Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006509649Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006509816Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.616{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006509814Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.616{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006509813Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.616{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006509812Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006509811Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006509810Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006509808Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006509806Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006509805Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006509804Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006509803Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006509802Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006509801Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006509800Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006509799Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006509798Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006509797Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006509796Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006509795Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006509794Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006509793Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006509792Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006509791Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006509790Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006509789Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006509788Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006509787Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006509786Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006509785Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006509784Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006509783Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006509782Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006509781Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006509780Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006509779Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006509778Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006509777Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006509776Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006509774Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006509773Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006509772Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.484{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006509771Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.484{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006509752Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.033{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006509750Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.033{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006509749Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.033{4DF467A6-4422-613A-3BFB-00000000F001}7836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006509936Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.984{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006509934Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.984{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006509933Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.984{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006509932Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.863{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006509931Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.863{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006509930Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.863{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006509928Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.863{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006509926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006509925Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006509924Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006509923Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006509922Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006509921Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006509920Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006509919Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006509918Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006509917Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006509916Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006509915Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006509914Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006509913Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006509912Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006509911Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006509910Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006509909Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006509908Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006509907Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006509906Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006509905Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006509904Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006509903Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006509902Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006509901Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006509900Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006509899Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006509898Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006509897Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006509896Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006509895Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006509893Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006509892Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006509891Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006509890Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.847{4DF467A6-4424-613A-3EFB-00000000F001}6484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006509871Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.301{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006509870Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.301{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006509869Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.183{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006509868Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.182{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006509867Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.182{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006509865Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.181{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006509863Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.180{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006509862Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.180{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006509861Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.179{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006509860Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006509859Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006509858Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006509857Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006509856Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006509855Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006509854Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006509853Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006509852Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006509851Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006509850Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006509849Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006509848Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006509847Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006509846Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006509845Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006509844Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006509843Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006509842Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006509841Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006509840Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006509839Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006509838Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006509837Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006509836Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006509835Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006509834Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006509833Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006509832Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006509830Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006509829Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006509828Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006509827Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006509996Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.684{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006509995Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.684{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006509994Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.684{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006509993Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.562{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006509992Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.562{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006509991Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.562{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006509989Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.562{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006509987Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.562{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006509986Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006509985Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006509984Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006509983Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006509982Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006509981Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006509980Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006509979Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006509978Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006509977Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006509976Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006509975Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006509974Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006509973Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006509972Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006509971Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006509970Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006509969Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006509968Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006509967Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006509966Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006509965Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006509964Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006509963Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006509962Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006509961Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006509960Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006509959Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006509958Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006509957Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006509956Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006509955Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006509954Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006509953Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006509952Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006509950Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006509949Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006509948Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006509947Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006510060Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.382{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006510059Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.382{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006510058Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.382{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006510057Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.261{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006510056Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.261{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006510055Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.261{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006510053Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.261{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006510051Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006510050Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006510049Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006510048Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006510047Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006510046Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006510045Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006510044Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006510043Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006510042Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006510041Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006510040Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006510039Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006510038Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006510037Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006510036Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006510035Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006510034Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006510033Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006510032Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006510031Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006510030Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006510029Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006510028Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006510027Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006510026Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006510025Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006510024Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006510023Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006510022Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006510021Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006510020Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006510018Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006510017Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006510016Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006510015Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:06.245{4DF467A6-4426-613A-40FB-00000000F001}7908C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006510437Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.889{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006510436Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.888{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006510435Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.888{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006510433Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.887{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006510431Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006510430Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006510429Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006510428Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006510427Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006510426Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006510425Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006510424Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006510423Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006510422Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006510421Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006510420Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006510419Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006510418Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006510417Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006510416Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006510415Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006510414Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006510413Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006510412Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006510411Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006510410Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006510409Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006510408Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006510407Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006510406Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006510405Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006510404Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006510403Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006510402Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006510401Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006510399Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006510398Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006510397Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006510396Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006510385Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.340{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006510383Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.340{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006510382Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.340{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006510381Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006510380Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006510379Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006510377Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006510375Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006510374Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006510373Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006510372Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006510371Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006510370Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006510369Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006510368Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006510367Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006510366Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006510365Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006510364Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006510363Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006510362Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006510361Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006510360Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006510359Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006510358Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006510357Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006510356Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006510355Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006510354Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006510353Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006510352Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006510351Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006510350Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006510349Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006510348Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006510347Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006510346Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006510345Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006510344Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006510342Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006510341Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006510340Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006510339Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006510501Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.708{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006510500Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.708{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006510499Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.708{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006510498Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.589{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006510497Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.588{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006510496Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.588{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006510494Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.587{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006510492Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006510491Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006510490Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006510489Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006510488Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006510487Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006510486Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006510485Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006510484Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006510483Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006510482Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006510481Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006510480Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006510479Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006510478Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006510477Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006510476Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006510475Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006510474Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006510473Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006510472Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006510471Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006510470Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006510469Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006510468Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006510467Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006510466Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006510465Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006510464Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006510463Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006510462Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006510461Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006510459Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006510458Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006510457Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006510456Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006510441Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.008{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006510439Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.008{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006510438Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.008{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006510619Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006510618Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006510617Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006510615Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006510613Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006510612Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006510611Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006510610Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006510609Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006510608Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006510607Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006510606Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006510605Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006510604Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006510603Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006510602Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006510601Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006510600Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006510599Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006510598Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006510597Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006510596Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.950{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006510595Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.949{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006510594Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.949{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006510593Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.949{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006510592Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.948{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006510591Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.948{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006510590Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.948{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006510589Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.947{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006510588Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.947{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006510587Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.946{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006510586Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.946{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006510585Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.946{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006510584Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.945{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006510583Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.945{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006510582Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.945{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006510580Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.944{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006510579Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.943{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006510578Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.943{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006510577Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.943{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006510561Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.392{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006510559Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.392{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006510558Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.392{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006510557Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.270{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006510556Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.270{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006510555Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.270{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006510553Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.270{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006510551Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006510550Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006510549Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006510548Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006510547Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006510546Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006510545Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006510544Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006510543Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006510542Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006510541Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006510540Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006510539Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006510538Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006510537Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006510536Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006510535Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006510534Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006510533Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006510532Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006510531Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006510530Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006510529Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006510528Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006510527Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006510526Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006510525Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006510524Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006510523Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006510522Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006510521Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006510519Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006510518Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006510517Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006510516Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006510685Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.755{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006510684Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.755{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006510683Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.755{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006510681Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.639{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006510680Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.639{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006510679Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.639{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006510677Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.639{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006510675Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.639{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006510674Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.639{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006510673Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006510672Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006510671Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006510670Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006510669Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006510668Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006510667Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006510666Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006510665Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006510664Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006510663Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006510662Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006510661Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006510660Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006510659Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006510658Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006510657Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006510656Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006510655Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006510654Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006510653Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006510652Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006510651Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006510650Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006510649Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006510648Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006510647Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006510646Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006510645Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006510644Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006510643Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006510642Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006510641Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006510640Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006510638Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006510637Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006510636Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006510635Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006510623Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.071{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006510622Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.071{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006510752Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.323{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006510751Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.323{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006510750Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.323{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006510747Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.192{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006510746Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.191{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006510745Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.191{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006510743Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.190{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006510741Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.189{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006510740Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.188{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006510739Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.188{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006510738Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006510737Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006510736Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006510735Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006510734Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006510733Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006510732Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006510731Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006510730Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006510729Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006510728Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006510727Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006510726Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006510725Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006510724Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006510723Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006510722Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006510721Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006510720Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006510719Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006510718Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006510717Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006510716Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006510715Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006510714Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006510713Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006510711Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006510709Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006510708Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006510706Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006510705Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006510704Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006510703Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006511304Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006511303Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006511302Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006511300Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006511298Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006511297Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006511296Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006511295Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006511294Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006511293Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006511292Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006511291Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006511290Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006511289Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006511288Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006511287Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006511286Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006511285Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006511284Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006511283Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006511282Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006511281Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006511280Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006511279Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006511278Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006511277Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006511276Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006511275Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006511274Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006511273Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006511272Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006511271Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006511270Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006511269Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006511268Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006511266Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006511265Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006511264Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.891{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006511263Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.891{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006511248Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.370{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006511247Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.370{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006511246Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.370{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006511245Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.255{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006511244Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.255{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006511243Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.255{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006511241Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.255{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006511239Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006511238Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006511237Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006511236Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006511235Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006511234Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006511233Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006511232Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006511231Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006511230Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006511229Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006511228Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006511227Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006511226Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006511225Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006511224Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006511223Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006511222Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006511221Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006511220Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006511219Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006511218Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006511217Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006511216Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006511215Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006511214Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006511213Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006511212Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006511211Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006511210Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006511209Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006511208Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006511207Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006511206Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006511205Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006511204Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006511203Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006511201Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006511200Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.239{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006511199Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.224{4DF467A6-449A-613A-48FB-00000000F001}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006511369Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.607{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006511367Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.607{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006511366Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.607{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006511363Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.489{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006511362Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.488{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006511361Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.488{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006511359Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.487{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006511357Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.486{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006511356Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.485{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006511355Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006511354Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006511353Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006511352Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006511351Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006511350Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006511349Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006511348Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006511347Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006511346Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006511345Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006511344Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006511343Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006511342Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006511341Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006511340Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006511339Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006511338Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006511337Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006511336Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006511335Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006511334Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006511333Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006511332Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006511331Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006511330Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006511329Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006511328Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006511327Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006511326Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006511324Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006511323Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006511322Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006511321Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.470{4DF467A6-449B-613A-4AFB-00000000F001}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006511308Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.023{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006511306Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.023{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006511305Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:03.023{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006511486Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.852{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006511485Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.852{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006511482Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.737{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006511481Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.737{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006511480Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.737{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006511478Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.737{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006511476Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.737{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006511475Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.737{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006511474Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.737{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006511473Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.737{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006511472Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.737{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006511471Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006511470Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006511469Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006511468Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006511467Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006511466Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006511465Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006511464Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006511463Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006511462Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006511461Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006511460Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006511459Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006511458Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006511457Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006511456Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006511455Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006511454Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006511453Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006511452Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006511451Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006511450Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006511449Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006511448Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006511447Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006511446Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006511445Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006511443Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006511442Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006511441Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006511440Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.721{4DF467A6-449C-613A-4CFB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006511427Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.237{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006511425Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.237{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006511424Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.237{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006511423Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006511422Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006511421Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006511419Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006511417Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006511416Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006511415Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006511414Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006511413Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006511412Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006511411Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006511410Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006511409Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006511408Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006511407Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006511406Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006511405Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006511404Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006511403Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006511402Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006511401Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006511400Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006511399Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006511398Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006511397Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006511396Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006511395Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006511394Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006511393Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006511392Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006511391Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006511390Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006511389Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006511388Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.106{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006511387Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.091{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006511385Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.091{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006511384Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.091{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006511383Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.091{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006511382Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:04.091{4DF467A6-449C-613A-4BFB-00000000F001}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006511545Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.552{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006511544Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.552{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006511543Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.552{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006511542Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.436{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006511541Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.436{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006511540Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.436{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006511538Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.436{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006511536Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006511535Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006511534Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006511533Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006511532Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006511531Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006511530Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006511529Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006511528Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006511527Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006511526Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006511525Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006511524Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006511523Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006511522Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006511521Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006511520Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006511519Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006511518Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006511517Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006511516Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006511515Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006511514Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006511513Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006511512Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006511511Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006511510Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006511509Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006511508Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006511507Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006511506Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006511505Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006511503Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006511502Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006511501Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006511500Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:05.421{4DF467A6-449D-613A-4DFB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006511605Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.266{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006511604Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.266{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006511603Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.266{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006511600Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.135{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006511599Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.135{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006511598Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.135{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006511596Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.135{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006511594Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.135{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006511593Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.135{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006511592Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006511591Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006511590Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006511589Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006511588Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006511587Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006511586Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006511585Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006511584Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006511583Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006511582Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006511581Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006511580Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006511579Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006511578Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006511577Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006511576Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006511575Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006511574Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006511573Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006511572Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006511571Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006511570Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006511569Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006511568Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006511567Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006511566Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006511565Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006511564Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006511563Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006511561Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006511560Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006511559Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006511558Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:06.120{4DF467A6-449E-613A-4EFB-00000000F001}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006512015Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.954{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006512014Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.954{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006512013Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.954{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006512011Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.954{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006512009Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006512008Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006512007Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006512006Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006512005Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006512004Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006512003Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006512002Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006512001Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006512000Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006511999Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006511998Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006511997Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006511996Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006511995Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006511994Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006511993Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006511992Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006511991Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006511990Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006511989Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006511988Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006511987Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006511986Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006511985Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006511984Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006511983Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006511982Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006511981Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006511980Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006511979Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006511978Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006511977Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006511976Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006511975Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006511974Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006511972Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006511971Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006511970Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006511969Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.939{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006511956Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.385{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006511954Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.385{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006511953Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.385{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006511948Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.254{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006511947Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.254{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006511946Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.254{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006511944Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.254{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006511942Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006511941Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006511940Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006511939Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006511938Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006511937Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006511936Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006511935Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006511934Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006511933Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006511932Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006511931Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006511930Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006511929Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006511928Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006511927Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006511926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006511925Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006511924Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006511923Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006511922Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006511921Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006511920Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006511919Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006511918Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006511917Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006511916Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006511915Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006511914Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006511913Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006511912Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006511910Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006511909Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006511908Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006511907Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:02.238{4DF467A6-44D6-613A-4FFB-00000000F001}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006512078Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.769{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006512076Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.769{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006512075Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.769{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006512074Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.653{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006512073Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.653{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006512072Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.653{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006512070Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.653{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006512068Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006512067Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006512066Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006512065Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006512064Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006512063Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006512062Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006512061Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006512060Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006512059Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006512058Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006512057Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006512056Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006512055Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006512054Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006512053Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006512052Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006512051Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006512050Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006512049Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006512048Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006512047Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006512046Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006512045Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006512044Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006512043Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006512042Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006512041Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006512040Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006512039Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006512038Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006512036Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006512035Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006512034Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006512033Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.638{4DF467A6-44D7-613A-51FB-00000000F001}6004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006512020Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.070{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006512019Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.070{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006512018Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:03.070{4DF467A6-44D6-613A-50FB-00000000F001}6000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006512136Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.453{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006512135Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.453{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006512134Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.337{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006512133Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.337{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006512132Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.337{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006512130Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006512128Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006512127Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006512126Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006512125Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006512124Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006512123Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006512122Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006512121Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006512120Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006512119Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006512118Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006512117Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006512116Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006512115Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006512114Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006512113Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006512112Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006512111Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006512110Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006512109Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006512108Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006512107Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006512106Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006512105Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006512104Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006512103Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006512102Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006512101Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006512100Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006512099Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006512098Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006512097Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006512095Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006512094Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006512093Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006512092Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:04.321{4DF467A6-44D8-613A-52FB-00000000F001}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006512258Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.836{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006512256Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.836{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006512255Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.836{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006512252Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006512251Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006512250Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006512248Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006512246Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006512245Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006512244Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006512243Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006512242Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006512241Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006512240Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006512239Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006512238Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006512237Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006512236Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006512235Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006512234Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006512233Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006512232Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006512231Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006512230Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006512229Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.705{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006512228Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.704{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006512227Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.704{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006512226Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.704{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006512225Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.704{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006512224Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.704{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006512223Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.704{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006512222Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.704{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006512221Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.704{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006512220Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.704{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006512219Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.703{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006512218Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.703{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006512217Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.703{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006512216Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.703{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006512215Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.703{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006512213Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.702{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006512212Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.702{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006512211Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.701{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006512210Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.701{4DF467A6-44D9-613A-54FB-00000000F001}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006512199Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.152{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006512198Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.152{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006512197Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.152{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006512196Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006512195Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006512194Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006512192Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006512190Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006512189Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006512188Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006512187Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006512186Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006512185Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006512184Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006512183Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006512182Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006512181Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006512180Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006512179Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006512178Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006512177Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006512176Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.021{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006512175Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006512174Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006512173Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006512172Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006512171Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006512170Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006512169Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006512168Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006512167Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006512166Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006512165Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006512164Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006512163Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006512162Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006512161Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006512160Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006512159Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006512157Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006512156Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006512155Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006512154Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:05.005{4DF467A6-44D8-613A-53FB-00000000F001}7344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006512318Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.520{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006512317Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.520{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006512316Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.520{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006512313Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.400{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006512312Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.400{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006512311Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.399{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006512309Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.399{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006512307Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006512306Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006512305Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006512304Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006512303Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006512302Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006512301Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006512300Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006512299Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006512298Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006512297Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006512296Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006512295Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006512294Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006512293Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006512292Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006512291Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006512290Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006512289Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006512288Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006512287Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006512286Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006512285Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006512284Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006512283Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006512282Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006512281Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006512280Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006512279Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006512278Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006512277Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006512276Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006512274Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006512273Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006512272Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006512271Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:31:06.383{4DF467A6-44DA-613A-55FB-00000000F001}6176C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006512737Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.962{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006512736Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.962{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006512735Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.962{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006512733Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006512731Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006512730Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006512729Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006512728Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006512727Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006512726Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006512725Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006512724Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006512723Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006512722Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006512721Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006512720Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006512719Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006512718Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006512717Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006512716Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006512715Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006512714Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006512713Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006512712Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006512711Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006512710Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006512709Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006512708Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006512707Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006512706Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006512705Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006512704Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006512703Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006512702Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006512701Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006512699Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006512698Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006512697Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006512696Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.946{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006512683Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.415{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006512682Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.415{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006512681Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.415{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006512680Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006512679Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006512678Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006512676Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006512674Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006512673Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006512672Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006512671Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006512670Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006512669Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006512668Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006512667Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006512666Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006512665Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006512664Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006512663Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006512662Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006512661Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006512660Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006512659Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006512658Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006512657Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006512656Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006512655Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006512654Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006512653Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006512652Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006512651Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006512650Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006512649Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006512648Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006512647Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006512646Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006512645Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006512644Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006512643Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006512641Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006512640Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.278{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006512639Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.262{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006512638Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:02.262{4DF467A6-4512-613A-56FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006512807Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.777{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006512805Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.777{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006512804Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.777{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006512803Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.661{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006512802Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.661{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006512801Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.661{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006512799Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.661{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006512797Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006512796Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006512795Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006512794Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006512793Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006512792Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006512791Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006512790Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006512789Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006512788Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006512787Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006512786Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006512785Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006512784Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006512783Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006512782Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006512781Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006512780Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006512779Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006512778Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006512777Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006512776Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006512775Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006512774Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006512773Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006512772Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006512771Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006512770Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006512769Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006512768Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006512767Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006512765Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006512764Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006512763Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006512762Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.646{4DF467A6-4513-613A-58FB-00000000F001}7264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006512745Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.077{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006512743Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.077{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006512742Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:03.077{4DF467A6-4512-613A-57FB-00000000F001}5232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006512862Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.476{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006512861Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.476{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006512860Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.361{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006512859Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.361{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006512858Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.361{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006512856Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.361{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006512854Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.361{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006512853Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006512852Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006512851Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006512850Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006512849Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006512848Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006512847Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006512846Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006512845Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006512844Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006512843Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006512842Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006512841Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006512840Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006512839Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006512838Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006512837Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006512836Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006512835Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006512834Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006512833Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006512832Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006512831Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006512830Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006512829Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006512828Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006512827Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006512826Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006512825Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006512824Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006512823Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006512821Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006512820Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006512819Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006512818Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:04.345{4DF467A6-4514-613A-59FB-00000000F001}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006512989Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.859{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006512988Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.859{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006512987Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.859{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006512986Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.744{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006512985Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.744{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006512984Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.744{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006512982Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.744{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006512980Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006512979Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006512978Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006512977Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006512976Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006512975Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006512974Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006512973Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006512972Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006512971Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006512970Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006512969Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006512968Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006512967Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006512966Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006512965Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006512964Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006512963Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006512962Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006512961Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006512960Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006512959Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006512958Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006512957Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006512956Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006512955Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006512954Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006512953Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006512952Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006512951Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006512950Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006512949Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006512948Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006512947Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006512946Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006512945Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006512943Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006512942Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006512941Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006512940Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.728{4DF467A6-4515-613A-5BFB-00000000F001}6604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006512926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.191{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006512924Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.176{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006512923Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.176{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006512920Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.060{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006512919Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.060{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006512918Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.060{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006512916Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006512914Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006512913Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006512912Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006512911Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006512910Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006512909Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006512908Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006512907Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006512906Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006512905Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006512904Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006512903Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006512902Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006512901Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006512900Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006512899Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006512898Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006512897Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006512896Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006512895Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006512894Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006512893Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006512892Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006512891Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006512890Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006512889Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006512888Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006512887Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006512886Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006512885Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006512884Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006512883Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006512881Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006512880Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006512879Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006512878Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:05.045{4DF467A6-4515-613A-5AFB-00000000F001}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006513049Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.559{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006513048Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.559{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006513047Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.559{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006513044Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.444{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006513043Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.444{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006513042Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.444{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006513040Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006513038Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006513037Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006513036Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006513035Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006513034Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006513033Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006513032Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006513031Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006513030Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006513029Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006513028Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006513027Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006513026Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006513025Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006513024Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006513023Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006513022Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006513021Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006513020Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006513019Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006513018Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006513017Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006513016Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006513015Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006513014Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006513013Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006513012Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006513011Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006513010Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006513009Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006513008Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006513007Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006513005Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006513004Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006513003Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006513002Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:32:06.428{4DF467A6-4516-613A-5CFB-00000000F001}7480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006513428Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.970{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006513427Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.970{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006513426Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.970{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006513424Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.970{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006513422Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006513421Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006513420Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006513419Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006513418Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006513417Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006513416Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006513415Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006513414Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006513413Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006513412Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006513411Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006513410Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006513409Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006513408Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006513407Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006513406Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006513405Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006513404Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006513403Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006513402Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006513401Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006513400Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006513399Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006513398Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006513397Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006513396Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006513395Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006513394Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006513393Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006513392Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006513390Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006513389Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006513388Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006513387Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.954{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006513376Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.408{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006513374Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.408{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006513373Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.392{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006513372Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006513371Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006513370Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006513368Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006513366Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006513365Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006513364Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006513363Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006513362Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006513361Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006513360Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006513359Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006513358Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006513357Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006513356Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006513355Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006513354Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006513353Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006513352Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006513351Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006513350Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006513349Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006513348Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006513347Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006513346Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006513345Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006513344Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006513343Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006513342Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006513341Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006513340Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006513339Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006513338Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006513337Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006513336Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006513335Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.271{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006513333Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.255{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006513332Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.255{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006513331Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.255{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006513330Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:02.255{4DF467A6-454E-613A-5DFB-00000000F001}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006513498Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.669{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006513497Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.669{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006513496Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.669{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006513495Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006513494Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006513493Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006513491Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006513489Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006513488Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006513487Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006513486Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006513485Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006513484Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006513483Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006513482Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006513481Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006513480Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006513479Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006513478Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006513477Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006513476Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006513475Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006513474Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006513473Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006513472Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006513471Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006513470Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006513469Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006513468Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006513467Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006513466Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006513465Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006513464Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006513463Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006513462Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006513461Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006513460Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006513459Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006513458Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.537{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006513456Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.522{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006513455Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.522{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006513454Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.522{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006513453Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.522{4DF467A6-454F-613A-5FFB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006513432Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.091{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006513430Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.091{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006513429Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:03.091{4DF467A6-454E-613A-5EFB-00000000F001}5876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006513613Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.935{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006513612Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.935{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006513611Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.935{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006513609Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.935{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006513607Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.935{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006513606Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.935{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006513605Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.935{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006513604Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.935{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006513603Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006513602Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006513601Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006513600Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006513599Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006513598Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006513597Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006513596Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006513595Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006513594Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006513593Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006513592Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006513591Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006513590Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006513589Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006513588Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006513587Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006513586Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006513585Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006513584Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006513583Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006513582Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006513581Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006513580Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006513579Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006513578Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006513577Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006513576Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006513574Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006513573Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006513572Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006513571Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.919{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006513554Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.352{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006513552Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.352{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006513551Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.352{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006513550Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.236{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006513549Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.236{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006513548Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.236{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006513546Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.236{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006513544Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006513543Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006513542Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006513541Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006513540Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006513539Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006513538Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006513537Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006513536Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006513535Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006513534Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006513533Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006513532Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006513531Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006513530Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006513529Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006513528Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006513527Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006513526Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006513525Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006513524Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006513523Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006513522Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006513521Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006513520Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006513519Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006513518Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006513517Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006513516Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006513515Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006513514Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006513512Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006513511Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006513510Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006513509Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:04.221{4DF467A6-4550-613A-60FB-00000000F001}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006513680Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.734{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006513679Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.734{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006513678Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.734{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006513677Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006513676Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006513675Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006513673Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006513671Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006513670Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006513669Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006513668Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006513667Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006513666Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006513665Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006513664Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006513663Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006513662Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006513661Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006513660Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006513659Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006513658Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006513657Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006513656Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006513655Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006513654Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006513653Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006513652Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006513651Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006513650Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006513649Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006513648Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006513647Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006513646Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006513645Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006513644Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006513643Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006513642Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006513641Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006513640Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.603{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006513639Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.587{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006513638Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.587{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006513637Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.587{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006513636Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.587{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006513634Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.587{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006513633Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.587{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006513632Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.587{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006513631Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.587{4DF467A6-4551-613A-62FB-00000000F001}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006513617Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.051{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006513616Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:05.051{4DF467A6-4550-613A-61FB-00000000F001}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006513738Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.418{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006513737Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.418{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006513736Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.418{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006513735Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006513734Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006513733Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006513731Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006513729Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006513728Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006513727Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006513726Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006513725Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006513724Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006513723Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006513722Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006513721Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006513720Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006513719Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006513718Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006513717Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006513716Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006513715Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006513714Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006513713Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006513712Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006513711Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006513710Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006513709Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006513708Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006513707Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006513706Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006513705Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006513704Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006513703Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006513702Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.287{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006513701Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.286{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006513700Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.286{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006513699Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.286{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006513698Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.286{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006513696Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.284{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006513695Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.284{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006513694Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.283{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006513693Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:33:06.283{4DF467A6-4552-613A-63FB-00000000F001}5312C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006514095Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.961{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006514094Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.961{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006514093Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.961{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006514091Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.961{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006514089Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.961{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006514088Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.961{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006514087Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.961{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006514086Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.961{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006514085Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.961{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006514084Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.961{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006514083Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.961{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006514082Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.961{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006514081Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.961{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006514080Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.961{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006514079Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.961{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006514078Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.961{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006514077Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.961{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006514076Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006514075Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006514074Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006514073Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006514072Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006514071Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006514070Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006514069Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006514068Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006514067Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006514066Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006514065Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006514064Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006514063Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006514062Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006514061Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006514060Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006514059Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006514057Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006514056Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006514055Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006514054Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.945{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006514041Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.408{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006514040Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.408{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006514039Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.408{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006514038Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.293{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006514037Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.293{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006514036Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.293{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006514034Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.293{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006514032Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.293{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006514031Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.293{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006514030Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.293{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006514029Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.293{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006514028Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006514027Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006514026Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006514025Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006514024Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006514023Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006514022Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006514021Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006514020Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006514019Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006514018Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006514017Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006514016Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006514015Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006514014Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006514013Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006514012Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006514011Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006514010Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006514009Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006514008Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006514007Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006514006Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006514005Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006514004Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006514003Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006514002Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006514001Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006514000Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006513999Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006513998Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006513997Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006513995Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006513994Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006513993Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006513992Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:02.277{4DF467A6-458A-613A-64FB-00000000F001}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006514158Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.761{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006514156Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.761{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006514155Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.761{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006514154Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.642{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006514153Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.641{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006514152Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.641{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006514150Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.640{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006514148Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006514147Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006514146Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006514145Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006514144Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006514143Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006514142Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006514141Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006514140Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006514139Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006514138Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006514137Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006514136Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006514135Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006514134Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006514133Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006514132Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006514131Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006514130Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006514129Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006514128Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006514127Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006514126Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006514125Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006514124Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006514123Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006514122Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006514121Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006514120Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006514119Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006514118Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006514117Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006514115Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006514114Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006514113Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006514112Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.623{4DF467A6-458B-613A-66FB-00000000F001}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006514099Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.092{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006514097Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.092{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006514096Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:03.092{4DF467A6-458A-613A-65FB-00000000F001}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006514284Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.922{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006514283Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.922{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006514282Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.807{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006514281Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.807{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006514280Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.807{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006514278Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.807{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006514276Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.807{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006514274Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.807{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006514272Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.807{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006514271Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.807{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006514270Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.807{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006514269Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006514268Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006514267Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006514266Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006514265Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006514264Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006514263Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006514262Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006514261Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006514260Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006514259Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006514258Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006514257Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006514256Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006514255Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006514254Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006514253Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006514252Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006514251Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006514250Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006514249Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006514248Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006514247Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006514246Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006514245Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006514244Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006514243Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006514241Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006514240Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006514239Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006514238Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.791{4DF467A6-458C-613A-68FB-00000000F001}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006514222Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.344{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006514220Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.344{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006514219Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.344{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006514218Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006514217Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006514216Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006514214Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006514212Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006514211Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006514210Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006514209Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006514208Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006514207Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006514206Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006514205Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006514204Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006514203Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006514202Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006514201Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006514200Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006514199Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006514198Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006514197Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006514196Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006514195Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006514194Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006514193Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006514192Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006514191Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006514190Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006514189Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006514188Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006514187Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006514186Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006514185Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006514184Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006514183Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006514182Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006514180Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.207{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006514179Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.191{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006514178Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.191{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006514177Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:04.191{4DF467A6-458C-613A-67FB-00000000F001}5904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006514341Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.623{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006514340Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.623{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006514339Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.623{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006514338Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.507{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006514337Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.507{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006514336Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.507{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006514334Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.507{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006514332Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006514331Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006514330Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006514329Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006514328Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006514327Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006514326Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006514325Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006514324Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006514323Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006514322Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006514321Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006514320Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006514319Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006514318Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006514317Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006514316Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006514315Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006514314Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006514313Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006514312Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006514311Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006514310Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006514309Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006514308Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006514307Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006514306Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006514305Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006514304Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006514303Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006514302Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006514301Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006514299Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006514298Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006514297Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006514296Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:05.492{4DF467A6-458D-613A-69FB-00000000F001}5676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006514403Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.338{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006514402Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.322{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006514401Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.322{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006514400Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.207{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006514399Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.207{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006514398Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.207{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006514396Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.207{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006514394Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.207{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006514393Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006514392Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006514391Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006514390Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006514389Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006514388Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006514387Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006514386Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006514385Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006514384Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006514383Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006514382Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006514381Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006514380Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006514379Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006514378Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006514377Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006514376Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006514375Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006514374Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006514373Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006514372Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006514371Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006514370Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006514369Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006514368Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006514367Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006514366Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006514365Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006514364Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006514363Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006514361Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006514360Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006514359Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006514358Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:34:06.191{4DF467A6-458E-613A-6AFB-00000000F001}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006514830Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006514829Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006514828Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006514827Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006514826Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006514825Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006514824Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006514823Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006514822Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006514821Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006514820Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006514819Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006514818Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006514817Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006514816Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006514815Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006514814Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006514813Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006514812Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006514811Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006514810Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006514809Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006514808Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006514807Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006514805Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006514804Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006514803Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006514802Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006514790Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.437{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006514788Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.437{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006514787Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.437{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006514786Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.321{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006514785Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006514784Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006514782Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006514780Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006514779Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006514778Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006514777Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006514776Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006514775Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006514774Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006514773Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006514772Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006514771Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006514770Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006514769Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006514768Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006514767Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006514766Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006514765Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006514764Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006514763Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006514762Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006514761Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006514760Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006514759Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006514758Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006514757Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006514756Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006514755Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006514754Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006514753Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006514752Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006514751Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006514750Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006514748Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006514747Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006514746Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006514745Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.306{4DF467A6-45C6-613A-6BFB-00000000F001}7712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006514913Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.805{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006514911Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.805{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006514910Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.805{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006514909Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006514908Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006514907Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006514905Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006514903Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006514902Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006514901Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006514900Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006514899Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006514898Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006514897Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006514896Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006514895Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006514894Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006514893Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006514892Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006514891Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006514890Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006514889Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.674{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006514888Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006514887Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006514886Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006514885Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006514884Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006514883Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006514882Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006514881Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006514880Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006514879Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006514878Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006514877Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006514876Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006514875Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006514874Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006514873Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006514871Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006514870Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006514869Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006514868Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.658{4DF467A6-45C7-613A-6DFB-00000000F001}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006514851Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.120{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006514850Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.120{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006514849Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.120{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006514848Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.005{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006514847Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.005{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006514846Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.005{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006514844Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.005{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006514842Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.005{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006514841Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.005{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006514840Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.005{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006514839Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:03.005{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006514838Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006514837Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006514836Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006514835Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006514834Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006514833Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006514832Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006514831Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:02.989{4DF467A6-45C6-613A-6CFB-00000000F001}6872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006515009Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006515008Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006515007Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006515006Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006515005Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006515004Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006515003Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006515002Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006515001Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006515000Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006514999Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006514998Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006514997Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006514996Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006514995Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006514994Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006514993Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006514991Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006514990Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006514989Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006514988Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006514972Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.475{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006514971Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.475{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006514966Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.359{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006514965Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.358{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006514964Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.358{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006514962Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.357{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006514960Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.356{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006514959Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.355{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006514958Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.355{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006514957Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.355{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006514956Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.354{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006514955Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006514954Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006514953Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006514952Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006514951Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006514950Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006514949Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006514948Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006514947Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006514946Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006514945Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006514944Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006514943Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006514942Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006514941Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006514940Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006514939Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006514938Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006514937Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006514936Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006514935Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006514934Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006514933Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006514932Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006514931Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006514930Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006514929Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006514927Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006514926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006514925Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006514924Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.337{4DF467A6-45C8-613A-6EFB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006515096Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.836{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006515094Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.820{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006515093Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.820{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006515092Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.705{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006515091Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.705{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006515090Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.705{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006515088Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.705{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006515086Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.705{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006515085Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006515084Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006515083Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006515082Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006515081Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006515080Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006515079Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006515078Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006515077Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006515076Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006515075Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006515074Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006515073Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006515072Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006515071Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006515070Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006515069Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006515068Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006515067Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006515066Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006515065Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006515064Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006515063Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006515062Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006515061Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006515060Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006515059Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006515058Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006515057Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006515056Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006515055Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006515053Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006515052Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006515051Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006515050Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.689{4DF467A6-45C9-613A-70FB-00000000F001}3204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006515035Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.121{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006515034Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.121{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006515033Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.121{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006515030Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.006{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006515029Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.006{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006515028Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.006{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006515026Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.006{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006515024Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:05.006{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006515023Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006515022Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006515021Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006515020Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006515019Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006515018Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006515017Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006515016Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006515015Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006515014Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006515013Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006515012Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006515011Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006515010Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:04.990{4DF467A6-45C8-613A-6FFB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006515154Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.520{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006515153Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.520{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006515152Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.520{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006515151Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.404{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006515150Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.404{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006515149Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.404{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006515147Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.404{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006515145Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.404{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006515144Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006515143Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006515142Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006515141Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006515140Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006515139Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006515138Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006515137Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006515136Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006515135Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006515134Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006515133Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006515132Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006515131Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006515130Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006515129Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006515128Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006515127Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006515126Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006515125Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006515124Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006515123Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006515122Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006515121Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006515120Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006515119Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006515118Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006515117Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006515116Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006515115Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006515114Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006515112Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006515111Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006515110Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006515109Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:06.389{4DF467A6-45CA-613A-71FB-00000000F001}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006515276Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:35:29.444{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\taskschd.dll10.0.14393.4402 (rs1_release.210426-1725)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=76BF5CA81C749140E05C7519B13B299E,SHA256=D5CBDB2EEE67E582198F9DB213EC95DF9107F08D646E67FFA723066CC434B515trueMicrosoft WindowsValid 734700x80000000000000006515524Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006515523Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006515522Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006515521Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006515520Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006515519Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006515518Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006515517Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006515516Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006515515Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006515514Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006515513Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006515512Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006515511Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006515510Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006515509Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006515508Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006515507Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006515506Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006515505Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006515504Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006515503Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006515502Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006515501Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006515500Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006515499Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006515498Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006515496Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006515495Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006515494Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006515493Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006515482Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.432{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006515481Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.432{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006515480Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.432{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006515479Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.317{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006515478Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.317{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006515477Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.317{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006515475Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.317{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006515473Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.317{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006515472Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006515471Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006515470Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006515469Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006515468Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006515467Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006515466Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006515465Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006515464Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006515463Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006515462Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006515461Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006515460Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006515459Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006515458Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006515457Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006515456Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006515455Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006515454Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006515453Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006515452Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006515451Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006515450Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006515449Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006515448Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006515447Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006515446Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006515445Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006515444Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006515443Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006515442Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006515440Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006515439Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006515438Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006515437Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.301{4DF467A6-4602-613A-72FB-00000000F001}7032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006515598Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.816{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006515596Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.816{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006515595Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.816{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006515594Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.701{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006515593Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.701{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006515592Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.701{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006515590Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.701{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006515588Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.701{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006515587Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006515586Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006515585Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006515584Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006515583Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006515582Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006515581Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006515580Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006515579Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006515578Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006515577Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006515576Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006515575Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006515574Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006515573Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006515572Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006515571Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006515570Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006515569Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006515568Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006515567Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006515566Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006515565Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006515564Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006515563Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006515562Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006515561Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006515560Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006515559Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006515558Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006515556Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006515555Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006515554Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006515553Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.685{4DF467A6-4603-613A-74FB-00000000F001}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006515538Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.117{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006515536Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.117{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006515535Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.117{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006515534Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.001{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006515533Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.001{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006515532Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.001{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006515530Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:03.001{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006515528Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006515527Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006515526Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006515525Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:02.986{4DF467A6-4602-613A-73FB-00000000F001}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006515658Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.516{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006515657Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.516{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006515656Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.400{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006515655Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.400{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006515654Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.400{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006515652Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.400{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006515650Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.400{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006515649Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.400{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006515648Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.400{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006515647Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.400{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006515646Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.400{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006515645Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006515644Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006515643Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006515642Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006515641Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006515640Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006515639Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006515638Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006515637Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006515636Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006515635Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006515634Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006515633Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006515632Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006515631Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006515630Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006515629Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006515628Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006515627Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006515626Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006515625Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006515624Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006515623Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006515622Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006515621Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006515620Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006515619Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006515617Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006515616Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006515615Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006515614Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:04.385{4DF467A6-4604-613A-75FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006515784Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.898{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006515783Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.898{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006515782Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.898{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006515781Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006515780Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006515779Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006515777Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006515775Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006515774Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006515773Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006515772Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006515771Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006515770Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006515769Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006515768Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006515767Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006515766Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006515765Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006515764Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006515763Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006515762Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006515761Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006515760Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006515759Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006515758Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006515757Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006515756Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006515755Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006515754Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006515753Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006515752Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006515751Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006515750Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006515749Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006515748Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006515747Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006515746Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006515745Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006515744Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.767{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006515743Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.752{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006515742Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.752{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006515741Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.752{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006515740Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.752{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006515738Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.752{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006515737Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.752{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006515736Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.752{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006515735Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.752{4DF467A6-4605-613A-77FB-00000000F001}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006515722Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.230{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006515720Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.215{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006515719Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.215{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006515714Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.099{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006515713Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.099{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006515712Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.099{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006515710Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.099{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006515708Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.099{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006515707Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006515706Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006515705Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006515704Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006515703Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006515702Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006515701Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006515700Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006515699Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006515698Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006515697Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006515696Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006515695Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006515694Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006515693Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006515692Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006515691Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006515690Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006515689Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006515688Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006515687Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006515686Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006515685Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006515684Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006515683Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006515682Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006515681Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006515680Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006515679Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006515678Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006515677Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006515675Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006515674Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006515673Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006515672Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:05.083{4DF467A6-4605-613A-76FB-00000000F001}7564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006515848Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.582{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006515847Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.582{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006515846Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.582{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006515839Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006515838Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006515837Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006515835Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006515833Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006515832Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006515831Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006515830Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006515829Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006515828Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006515827Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006515826Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006515825Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006515824Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006515823Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006515822Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006515821Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006515820Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006515819Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006515818Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006515817Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006515816Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006515815Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006515814Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006515813Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006515812Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006515811Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006515810Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006515809Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006515808Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.451{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006515807Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.450{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006515806Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.450{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006515805Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.450{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006515804Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.449{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006515803Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.449{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006515802Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.449{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006515800Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.448{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006515799Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.448{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006515798Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.447{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006515797Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:36:06.447{4DF467A6-4606-613A-78FB-00000000F001}7304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006516287Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.965{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006516285Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.965{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006516284Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.965{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006516283Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006516282Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006516281Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006516279Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006516277Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006516276Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006516275Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006516274Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006516273Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006516272Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006516271Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006516270Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006516269Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006516268Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006516267Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006516266Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006516265Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006516264Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006516263Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006516262Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006516261Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006516260Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006516259Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006516258Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006516257Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006516256Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006516255Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006516254Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006516253Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006516252Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006516251Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006516250Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006516249Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006516248Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006516247Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006516245Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006516244Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.833{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006516243Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.832{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006516242Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.832{4DF467A6-463E-613A-7AFB-00000000F001}4092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006516229Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.465{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006516227Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.465{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006516226Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.465{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006516225Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.334{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006516224Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.334{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006516223Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.334{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006516221Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.334{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006516219Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.334{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006516218Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.334{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006516217Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.334{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006516216Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.334{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006516215Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.334{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006516214Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.334{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006516213Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.334{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006516212Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.333{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006516211Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.333{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006516210Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.333{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006516209Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.333{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006516208Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.332{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006516207Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.332{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006516206Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.332{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006516205Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.332{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006516204Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.332{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006516203Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.332{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006516202Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.332{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006516201Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.332{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006516200Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.331{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006516199Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.331{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006516198Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.331{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006516197Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.331{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006516196Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.331{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006516195Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.331{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006516194Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.331{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006516193Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.331{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006516192Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.330{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006516191Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.330{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006516190Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.330{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006516189Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.330{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006516188Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.330{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006516186Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.328{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006516185Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.328{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006516184Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.312{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006516183Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:02.312{4DF467A6-463E-613A-79FB-00000000F001}7632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006516347Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.580{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006516346Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.580{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006516345Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.580{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006516342Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006516341Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006516340Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006516338Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006516336Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006516335Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006516334Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006516333Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006516332Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006516331Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006516330Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006516329Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006516328Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006516327Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006516326Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006516325Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006516324Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006516323Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006516322Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006516321Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006516320Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006516319Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006516318Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006516317Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006516316Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006516315Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.449{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006516314Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.433{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006516313Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.433{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006516312Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.433{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006516311Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.433{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006516310Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.433{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006516309Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.433{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006516308Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.433{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006516307Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.433{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006516306Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.433{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006516305Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.433{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006516303Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.433{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006516302Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.433{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006516301Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.433{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006516300Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:03.433{4DF467A6-463F-613A-7BFB-00000000F001}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006516464Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.848{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006516463Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.848{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006516460Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.731{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006516459Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.731{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006516458Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.730{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006516456Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.730{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006516454Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.728{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006516453Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.728{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006516452Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.727{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006516451Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.727{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006516450Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.727{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006516449Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006516448Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006516447Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006516446Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006516445Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006516444Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006516443Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006516442Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006516441Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006516440Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006516439Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006516438Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006516437Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006516436Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006516435Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006516434Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006516433Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006516432Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006516431Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006516430Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006516429Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006516428Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006516427Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006516426Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006516425Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006516424Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006516423Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006516421Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006516420Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006516419Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006516418Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.711{4DF467A6-4640-613A-7DFB-00000000F001}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006516405Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.249{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006516403Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.249{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006516402Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.249{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006516401Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.132{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006516400Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.131{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006516399Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.131{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006516397Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.130{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006516395Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.129{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006516394Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.128{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006516393Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.128{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006516392Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.128{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006516391Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006516390Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006516389Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006516388Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006516387Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006516386Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006516385Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006516384Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006516383Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006516382Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006516381Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006516380Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006516379Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006516378Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006516377Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006516376Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006516375Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006516374Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006516373Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006516372Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006516371Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006516370Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006516369Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006516368Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006516367Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006516366Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006516365Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006516363Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006516362Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006516361Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006516360Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:04.112{4DF467A6-4640-613A-7CFB-00000000F001}5856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006516586Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006516585Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006516584Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006516582Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006516580Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006516579Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006516578Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006516577Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006516576Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006516575Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006516574Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006516573Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006516572Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006516571Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006516570Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006516569Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006516568Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006516567Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006516566Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006516565Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006516564Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006516563Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.962{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006516562Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006516561Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006516560Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006516559Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006516558Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006516557Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006516556Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006516555Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006516554Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006516553Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006516552Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006516551Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006516550Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006516549Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006516547Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006516546Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006516545Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006516544Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.946{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006516527Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.509{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006516526Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.509{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006516525Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.509{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006516524Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.394{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006516523Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.394{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006516522Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.394{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006516520Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.394{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006516518Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.394{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006516517Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.394{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006516516Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.394{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006516515Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.394{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006516514Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006516513Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006516512Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006516511Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006516510Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006516509Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006516508Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006516507Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006516506Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006516505Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006516504Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006516503Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006516502Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006516501Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006516500Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006516499Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006516498Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006516497Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006516496Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006516495Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006516494Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006516493Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006516492Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006516491Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006516490Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006516489Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006516488Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006516487Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006516486Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006516485Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006516484Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006516483Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006516481Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006516480Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006516479Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006516478Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:05.378{4DF467A6-4641-613A-7EFB-00000000F001}5620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006516591Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:06.093{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006516590Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:06.093{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006516589Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:37:06.093{4DF467A6-4641-613A-7FFB-00000000F001}6128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006516908Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.480{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006516907Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.480{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006516906Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.480{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006516905Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.349{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006516904Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.349{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006516903Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.349{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006516901Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.349{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006516899Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.349{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006516898Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.349{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006516897Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.349{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006516896Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.349{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006516895Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.349{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006516894Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.349{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006516893Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.349{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006516892Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.349{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006516891Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006516890Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006516889Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006516888Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006516887Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006516886Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006516885Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006516884Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006516883Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006516882Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006516881Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006516880Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006516879Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006516878Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006516877Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006516876Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006516875Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006516874Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006516873Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006516872Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006516871Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006516870Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006516869Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006516868Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006516867Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006516866Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006516865Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006516864Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006516862Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006516861Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006516860Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006516859Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:02.333{4DF467A6-467A-613A-80FB-00000000F001}7204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006517025Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.848{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006517023Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.848{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006517022Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.848{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006517021Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006517020Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006517019Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006517017Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006517015Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006517014Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006517013Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006517012Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006517011Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006517010Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006517009Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006517008Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006517007Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006517006Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006517005Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006517004Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006517003Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006517002Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006517001Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006517000Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006516999Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006516998Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006516997Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006516996Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006516995Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006516994Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006516993Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006516992Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006516991Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006516990Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006516989Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006516988Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006516987Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006516986Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006516985Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.716{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006516984Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.715{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006516982Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.714{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006516981Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.713{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006516980Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.713{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006516979Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.713{4DF467A6-467B-613A-82FB-00000000F001}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006516966Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.149{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006516964Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.149{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006516963Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.149{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006516962Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006516961Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006516960Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006516958Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006516956Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006516955Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006516954Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006516953Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006516952Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006516951Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006516950Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006516949Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006516948Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006516947Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006516946Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006516945Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006516944Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006516943Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006516942Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006516941Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006516940Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006516939Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006516938Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006516937Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006516936Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006516935Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006516934Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006516933Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006516932Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006516931Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006516930Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.017{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006516929Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.016{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006516928Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.016{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006516927Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.016{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006516926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.016{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006516924Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.015{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006516923Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.014{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006516922Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.014{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006516921Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:03.014{4DF467A6-467A-613A-81FB-00000000F001}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006517086Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.547{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006517084Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.547{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006517083Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.547{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006517082Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006517081Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006517080Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006517078Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006517076Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006517075Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006517074Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006517073Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006517072Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006517071Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006517070Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006517069Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006517068Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006517067Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006517066Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006517065Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006517064Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006517063Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006517062Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006517061Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006517060Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006517059Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006517058Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006517057Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006517056Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006517055Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.416{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006517054Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.415{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006517053Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.415{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006517052Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.415{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006517051Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.415{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006517050Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.415{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006517049Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.415{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006517048Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.415{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006517047Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.415{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006517046Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.414{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006517044Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.413{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006517043Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.413{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006517042Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.412{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006517041Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:04.412{4DF467A6-467C-613A-83FB-00000000F001}7404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006517202Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.946{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006517201Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.946{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006517200Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.946{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006517199Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006517198Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006517197Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006517195Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006517193Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006517192Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006517191Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006517190Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006517189Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006517188Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006517187Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006517186Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006517185Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006517184Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006517183Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006517182Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006517181Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006517180Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006517179Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006517178Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006517177Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006517176Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006517175Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006517174Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006517173Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006517172Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006517171Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006517170Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006517169Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006517168Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006517167Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006517166Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.814{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006517165Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.813{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006517164Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.813{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006517163Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.813{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006517162Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.813{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006517160Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.812{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006517159Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.811{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006517158Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.811{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006517157Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.811{4DF467A6-467D-613A-85FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006517145Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.246{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006517144Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.246{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006517143Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006517142Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006517141Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006517139Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006517137Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006517136Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006517135Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006517134Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006517133Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006517132Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006517131Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006517130Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006517129Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006517128Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006517127Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006517126Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006517125Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006517124Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006517123Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006517122Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006517121Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006517120Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006517119Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006517118Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006517117Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006517116Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006517115Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006517114Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006517113Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006517112Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006517111Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006517110Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006517109Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006517108Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006517107Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006517106Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.115{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006517102Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.113{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006517101Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.113{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006517100Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.112{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006517099Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:05.111{4DF467A6-467D-613A-84FB-00000000F001}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006517266Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.592{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006517265Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.592{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006517264Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.577{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006517263Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.461{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006517262Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.461{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006517261Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.461{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006517259Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.461{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006517257Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.461{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006517256Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.461{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006517255Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.461{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006517254Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006517253Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006517252Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006517251Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006517250Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006517249Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006517248Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006517247Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006517246Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006517245Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006517244Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006517243Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006517242Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006517241Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006517240Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006517239Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006517238Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006517237Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006517236Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006517235Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006517234Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006517233Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006517232Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006517231Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006517230Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006517229Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006517228Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006517227Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006517226Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006517224Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006517223Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006517222Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006517221Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:38:06.446{4DF467A6-467E-613A-86FB-00000000F001}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006517618Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.474{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006517616Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.474{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006517615Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.474{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006517614Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.359{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006517613Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.359{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006517612Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.359{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006517610Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.359{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006517608Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.359{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006517607Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.359{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006517606Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006517605Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006517604Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006517603Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006517602Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006517601Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006517600Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006517599Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006517598Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006517597Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006517596Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006517595Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006517594Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006517593Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006517592Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006517591Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006517590Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006517589Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006517588Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006517587Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006517586Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006517585Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006517584Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006517583Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006517582Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006517581Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006517580Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006517579Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006517578Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006517576Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006517575Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006517574Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006517573Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:02.343{4DF467A6-46B6-613A-87FB-00000000F001}2140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006517742Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.858{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006517740Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.858{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006517739Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.858{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006517736Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006517735Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006517734Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006517732Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006517730Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006517729Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006517728Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006517727Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006517726Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006517725Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006517724Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006517723Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006517722Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006517721Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006517720Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006517719Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006517718Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006517717Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006517716Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006517715Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006517714Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006517713Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006517712Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006517711Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006517710Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006517709Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.727{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006517708Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.711{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006517707Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.711{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006517706Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.711{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006517705Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.711{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006517704Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.711{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006517703Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.711{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006517702Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.711{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006517701Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.711{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006517700Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.711{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006517698Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.711{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006517697Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.711{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006517696Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.711{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006517695Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.711{4DF467A6-46B7-613A-89FB-00000000F001}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006517682Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.174{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006517681Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.174{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006517680Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.174{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006517679Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.058{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006517678Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.058{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006517677Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.058{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006517675Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.058{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006517673Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.058{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006517672Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.058{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006517671Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.058{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006517670Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.058{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006517669Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006517668Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006517667Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006517666Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006517665Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006517664Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006517663Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006517662Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006517661Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006517660Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006517659Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006517658Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006517657Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006517656Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006517655Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006517654Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006517653Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006517652Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006517651Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006517650Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006517649Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006517648Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006517647Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006517646Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006517645Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006517644Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006517643Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006517642Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006517641Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006517640Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006517639Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006517638Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006517636Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006517635Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006517634Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006517633Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:03.043{4DF467A6-46B7-613A-88FB-00000000F001}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006517857Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.926{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006517856Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.926{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006517855Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006517853Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006517851Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006517850Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006517849Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006517848Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006517847Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006517846Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006517845Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006517844Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006517843Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006517842Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006517841Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006517840Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006517839Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006517838Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006517837Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006517836Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006517835Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006517834Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006517833Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006517832Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006517831Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006517830Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006517829Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006517828Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006517827Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006517826Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006517825Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006517824Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006517823Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006517822Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006517821Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006517820Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006517818Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006517816Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006517814Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006517813Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.910{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006517797Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.527{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006517796Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.527{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006517795Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.410{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006517794Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.409{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006517793Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.409{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006517791Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.408{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006517789Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.407{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006517788Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.406{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006517787Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.406{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006517786Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.406{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006517785Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.405{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006517784Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006517783Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006517782Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006517781Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006517780Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006517779Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006517778Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006517777Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006517776Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006517775Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006517774Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006517773Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006517772Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006517771Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006517770Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006517769Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006517768Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006517767Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006517766Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006517765Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006517764Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006517763Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006517762Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006517761Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006517760Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006517759Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006517758Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006517756Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006517755Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006517754Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006517753Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:04.389{4DF467A6-46B8-613A-8AFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006517918Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.741{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006517916Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.741{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006517915Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.741{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006517914Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006517913Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006517912Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006517910Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006517908Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006517907Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006517906Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006517905Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006517904Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006517903Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006517902Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006517901Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006517900Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006517899Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006517898Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006517897Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006517896Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006517895Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006517894Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006517893Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006517892Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006517891Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006517890Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006517889Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006517888Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006517887Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.610{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006517886Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.609{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006517885Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.609{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006517884Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.609{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006517883Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.609{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006517882Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.609{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006517881Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.609{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006517880Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.608{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006517879Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.608{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006517878Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.608{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006517877Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.608{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006517875Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.607{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006517874Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.606{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006517873Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.606{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006517872Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.606{4DF467A6-46B9-613A-8CFB-00000000F001}8048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006517860Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.041{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006517859Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.041{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006517858Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:05.041{4DF467A6-46B8-613A-8BFB-00000000F001}6228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006517980Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.425{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006517979Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.425{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006517978Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.425{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006517977Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.306{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006517976Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.306{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006517975Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.305{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006517973Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.305{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006517971Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.304{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006517970Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006517969Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006517968Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006517967Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006517966Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006517965Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006517964Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006517963Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006517962Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006517961Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006517960Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006517959Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006517958Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006517957Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006517956Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006517955Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006517954Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006517953Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006517952Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006517951Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006517950Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006517949Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006517948Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006517947Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006517946Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006517945Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006517944Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006517943Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006517942Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006517941Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006517940Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006517938Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006517937Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006517936Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006517935Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:06.288{4DF467A6-46BA-613A-8DFB-00000000F001}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006518870Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.767{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cryptnet.dll10.0.14393.2035 (rs1_release_inmarket.180110-1910)Crypto Network Related APIMicrosoft® Windows® Operating SystemMicrosoft CorporationCRYPTNET.DLLMD5=C826D7EA2E1A6884120676A0A3CBC714,SHA256=B4EFCCA21ADC0FF2FD3505DD9F9F6D6F66CFF229FE21D97DFEF19F1D485769A0trueMicrosoft WindowsValid 734700x80000000000000006518867Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.751{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\EXPSRV.DLL7.1.1108Visual Basic for Applications Runtime - Expression ServiceMicrosoft Visual Basic for ApplicationsMicrosoft CorporationEXPSRV.DLLMD5=3FF977F13147CF29DDB70AA247BD3690,SHA256=3FE5A0245668D229732B49763CB17E3BD466204440DBBC4D27F5E3095CED6C45trueMicrosoft CorporationValid 734700x80000000000000006518866Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.751{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\System\msvcr100.dll10.00.40219.1Microsoft® C Runtime LibraryMicrosoft® Visual Studio® 2010Microsoft Corporationmsvcr100_clr0400.dllMD5=DF3CA8D16BDED6A54977B30E66864D33,SHA256=1D1A1AE540BA132F998D60D3622F0297B6E86AE399332C3B47462D7C0F560A36trueMicrosoft CorporationValid 734700x80000000000000006518865Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.751{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\VBAJET32.DLL7.1.1104Visual Basic for Applications Development Environment - Expression Service LoaderMicrosoft Visual Basic for ApplicationsMicrosoft CorporationVBAJET32.DLLMD5=A302D22CC544B6BFB4E1BB522B036CB1,SHA256=76823CF79F5C76C96E2FCA31D06796D62727ABE559FFBA78E5F21DC324E55188trueMicrosoft CorporationValid 734700x80000000000000006518864Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.751{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEES.DLL16.0.13801.20688Microsoft Access database engine Expression ServiceMicrosoft OfficeMicrosoft Corporationacees.dllMD5=01B32DC29CEB905A6D0FC5C1C703B0CA,SHA256=70106489670931C7491BA1F8AF1DE0503E53844B2AA52F82C3143A8B6E83151DtrueMicrosoft CorporationValid 734700x80000000000000006518862Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.751{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ACEWSTR.DLL16.0.13801.20008Microsoft Access database engine Sort DLLMicrosoft OfficeMicrosoft Corporationacewstr.dllMD5=D26F3BC200CD057CB9939073143F652E,SHA256=F2985BACE4D0E5A2E82A9FE8CA935BCD19D184BA72F81F4CDC5D3627ECC0B937trueMicrosoft CorporationValid 734700x80000000000000006518860Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.751{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACECORE.DLL16.0.13801.20634Microsoft Access database engine DLLMicrosoft OfficeMicrosoft Corporationacecore.dllMD5=052CFD327BA966E1D3EA5FAFB290672B,SHA256=8DD3054536AD700CD3C7BD59E95456B83E7D177AE1A7C6AAB21C97C49027E655trueMicrosoft CorporationValid 734700x80000000000000006518859Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.751{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msdart.dll10.0.14393.0 (rs1_release.160715-1616)OLE DB Runtime RoutinesMicrosoft® Windows® Operating SystemMicrosoft Corporationmsdart.dllMD5=2D8AE33BC433EFE81FB9F5B126B4A0A9,SHA256=5BC4D64A18925CFB39C898E954BC24473BCCFDA11E31A8FD7E01F8F888BD6B76trueMicrosoft WindowsValid 734700x80000000000000006518858Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.736{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Common Files\System\Ole DB\oledb32.dll10.0.14393.4169 (rs1_release.210107-1130)OLE DB Core ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationoledb32.dllMD5=1C9084B11668B0E8E83D7887BC2BDA33,SHA256=A2FF5347549ECCC9804F180C34D465AFA55027B3B0F614A2666934FA2963F436trueMicrosoft WindowsValid 734700x80000000000000006518857Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.736{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEOLEDB.DLL16.0.13801.20490Microsoft Access database engine OLE DB ProviderMicrosoft OfficeMicrosoft Corporationaceoledb.dllMD5=E8DCF5077604E501B55ABD40BFB32ACB,SHA256=CFA364D0ACFC660080B2F3C6D06E89B6CBBA031F3673E7C56843825991D9EA6AtrueMicrosoft CorporationValid 734700x80000000000000006518856Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.736{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\RICHED20.DLL16.0.13801.20442RichEdit Version 8.0Microsoft OfficeMicrosoft Corporationriched20.dllMD5=4AADCAFE0937BFDD2C0E089B37549CD7,SHA256=8D12811470721C2A4775AE2CF2B236C5E16FD4215D70E63C768BD9F4ADBC364AtrueMicrosoft CorporationValid 734700x80000000000000006518855Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.720{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\sxs.dll10.0.14393.4169 (rs1_release.210107-1130)Fusion 2.5Microsoft® Windows® Operating SystemMicrosoft CorporationSXS.DLLMD5=54FB18CA661D074CBB60D5A58D40C8D3,SHA256=A2BD6160222A216F8A6830C1273662F8AE88F53D2CE6DA5893FF70D146A0A2B0trueMicrosoft WindowsValid 734700x80000000000000006518831Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.736{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wintrust.dll10.0.14393.4530 (rs1_release.210705-0736)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=992BCD32EF7680C574A426FAA4933ACA,SHA256=5755AC46B4220784A6E6AC12A755CC10892A5AE59B67924576075A1A29D68B3DtrueMicrosoft WindowsValid 734700x80000000000000006518830Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.736{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Csi.dll16.0.13801.20842Microsoft Office Document CacheMicrosoft OfficeMicrosoft CorporationCsi.dllMD5=79BAD2A42BC1DDCF7747154DB5CDA177,SHA256=B943A38387BD920D64860A27F667FF8C23529614A5812412A672E18052A2CFA5trueMicrosoft CorporationValid 734700x80000000000000006518825Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.720{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\UIAutomationCore.dll7.2.14393.4169 (rs1_release.210107-1130)Microsoft UI Automation CoreMicrosoft® Windows® Operating SystemMicrosoft CorporationUIAutomationCore.dllMD5=9B2DCFE11EEBDDC18A8F5964E04E64A0,SHA256=5CBC5B45B9EB5B4EF1360005CD675D20D7EE9FE588DA24543FF7C9ACB88317FFtrueMicrosoft WindowsValid 734700x80000000000000006518821Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.720{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msimg32.dll10.0.14393.0 (rs1_release.160715-1616)GDIEXT Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationgdiextMD5=78DA58DF85F86CA61E5EAFB9EF0A83BE,SHA256=3216205F5C355D582EC4B902651B62E1FF3EFFDCA40BC849D474F13F1325E962trueMicrosoft WindowsValid 734700x80000000000000006518820Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.720{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\GFX.DLL16.0.13801.20442Microsoft Office GraphicsMicrosoft OfficeMicrosoft CorporationGFX.DLLMD5=67A8185AAF7674010FB3D3F4BF71B3A7,SHA256=3017C9E5F1B0107444C560FF931BEB019E96AFC49D33F131B1BD0D3AF5B53614trueMicrosoft CorporationValid 734700x80000000000000006518819Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.704{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006518817Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.704{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006518813Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.704{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006518812Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.704{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006518811Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.704{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msvcp110_win.dll10.0.14393.2007 (rs1_release.171231-1800)Microsoft® STL110 C++ Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp110_win.dllMD5=BFB390484F611C21582AD11E4C6ADEF2,SHA256=30B5AD268C022FCA2AACAE2CB6E4DC36F6A01C16A006046BB4417CEA96DA4F5AtrueMicrosoft WindowsValid 734700x80000000000000006518810Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.704{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dsreg.dll10.0.14393.4467 (rs1_release.210604-1844)AD/AAD User Device RegistrationMicrosoft® Windows® Operating SystemMicrosoft Corporationdsreg.dllMD5=79A9D7EA2FEAEF86876FFD1B6D1CB6C1,SHA256=A1BA47F25235AA03E37B420DA61B68E1F3165A590B15AAC43894613A88250018trueMicrosoft WindowsValid 734700x80000000000000006518809Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.704{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006518807Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.704{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ADAL.DLL3.4.1.35249ADAL.NativeMicrosoft© ADALMicrosoftadal.dllMD5=83940B529D140372B1FF153CF83E478D,SHA256=1D246C806D9F170AAC09E8AA3507553B7833BA2067B81150588444B3C93BAADBtrueMicrosoft CorporationValid 734700x80000000000000006518799Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.682{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cabinet.dll5.00 (rs1_release.160715-1616)Microsoft® Cabinet File APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcabinet.dllMD5=08A4A2712DB2AE10E483FB74E46B0E73,SHA256=EEB32E3E4256CC9935227ACD5BA576B75F1F6FE3C818D2127513CB22F823FECBtrueMicrosoft WindowsValid 734700x80000000000000006518798Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.682{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704trueMicrosoft WindowsValid 734700x80000000000000006518797Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.682{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11trueMicrosoft WindowsValid 734700x80000000000000006518792Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.682{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wmiclnt.dll10.0.14393.0 (rs1_release.160715-1616)WMI Client APIMicrosoft® Windows® Operating SystemMicrosoft Corporationwmiclnt.dllMD5=6B61852EDC8F0EB9E555CF5308A1CA67,SHA256=73CBABE06D58CF771AC647C0DE916BD668FEC96A40EDF7283D50C1C7DE07FE08trueMicrosoft WindowsValid 734700x80000000000000006518790Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.682{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wmi.dll10.0.14393.0 (rs1_release.160715-1616)WMI DC and DP functionalityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmi.DLLMD5=BECC01CF48016043B5DC3D5477CC08CF,SHA256=449E882DBCD4DD25B8F10CD62623DCB15E5B6375B0699463506EA55886B7B9DAtrueMicrosoft WindowsValid 734700x80000000000000006518785Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.682{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ncryptsslp.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft SChannel ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationncryptsslp.dllMD5=80D0046E61E3DBD708B53657DA4C5821,SHA256=7457E1BB911D132A8BEDEB6D7DEDB82365A6D681FBEF2331D4FB545AC1DA5A56trueMicrosoft WindowsValid 734700x80000000000000006518782Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.667{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\mskeyprotect.dll10.0.14393.4046 (rs1_release.201028-1803)Microsoft Key Protection ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationmskeyprotect.dllMD5=87A5C9919D4A67629718959772E120DD,SHA256=707BD6ECE458848F7343C2CF3184A74D99C40E7F5E58E5DA608E4C88D03609E4trueMicrosoft WindowsValid 734700x80000000000000006518781Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.667{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006518780Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.667{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\framedynos.dll10.0.14393.4169 (rs1_release.210107-1130)WMI SDK Provider FrameworkMicrosoft® Windows® Operating SystemMicrosoft Corporationframedyn.dllMD5=F5BCBB0713FF862975B07056D25E166E,SHA256=DBB3B6E35E0FEF5B878DE8C85AF578B51C1C2DB025865354E27394AEA87824B2trueMicrosoft WindowsValid 734700x80000000000000006518778Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.667{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575trueMicrosoft WindowsValid 734700x80000000000000006518777Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.667{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\cimwin32.dll10.0.14393.3297 (rs1_release_1.191001-1045)WMI Win32 ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationcimwin32.dllMD5=35C291C2351E11C928195BFD018A972C,SHA256=CC1655A2CD71118C0197A1A96D47E86C74F58AA6D589B55F77D8C1C12C542BA7trueMicrosoft WindowsValid 734700x80000000000000006518774Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.651{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\twinapi.dll10.0.14393.4169 (rs1_release.210107-1130)twinapiMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.dllMD5=40E4471EAFBC1AB4D40288BF005AB895,SHA256=E93454095918346B3426D55704F02DF6FBB1B840BF969CE619E3F10BA0AC9A44trueMicrosoft WindowsValid 734700x80000000000000006518769Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.651{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\wmiutils.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwmiutils.dllMD5=5179B0DEF3AB5CAC3BA02316AF1B6B40,SHA256=FA4112CB0D1A133C41FD001F958F0BE930BB49072BF97A3D765AEA8DB841ABC4trueMicrosoft WindowsValid 734700x80000000000000006518764Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.636{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\schannel.dll10.0.14393.4225 (rs1_release.210127-1811)TLS / SSL Security ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationschannel.dllMD5=2562B81E255EB6DF8497402ABC6C59BB,SHA256=340532C238CA5B84BA9D7A2DB4D1CCD58D869FECC44A463A93F54C974E1B41F4trueMicrosoft WindowsValid 734700x80000000000000006518763Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.636{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\wbemsvc.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemsvc.dllMD5=2BE97028B7B85762561F475E31989C2A,SHA256=75C9D8C6D41B4B7D70666A8107A08A748CEF6CB9E60AD0288B10CDE12E274AFFtrueMicrosoft WindowsValid 734700x80000000000000006518761Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.636{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006518760Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.636{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msxml6.dll6.30.14393.4530MSXML 6.0Microsoft XML Core ServicesMicrosoft CorporationMSXML6.dllMD5=10A0259030F41545ECAFB6A595F7C457,SHA256=CF160C3ADCE5AA2357697A02C6FC38071CBE1818B036F1C67F746868EB7F814DtrueMicrosoft WindowsValid 734700x80000000000000006518759Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.636{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006518757Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.636{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\wbemprox.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemprox.dllMD5=B7B56FAC395BEEDC20120FD0170A23A3,SHA256=7BDF579D7348D84F251A8411E40E14ADF9406F954914C1C4DE30E880DCF6CEB3trueMicrosoft WindowsValid 734700x80000000000000006518756Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.636{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006518754Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.636{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006518752Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.636{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006518751Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.636{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006518750Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.636{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006518749Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.636{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006518748Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.636{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006518740Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.636{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006518739Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\FWPUCLNT.DLL10.0.14393.0 (rs1_release.160715-1616)FWP/IPsec User-Mode APIMicrosoft® Windows® Operating SystemMicrosoft Corporationfwpuclnt.dllMD5=A65FA613342B08E0F760D8B13B9C135A,SHA256=C64A1EC862188D2EE1202DB02BFBF4E2DD56780905E509012799EB57FC9A88EDtrueMicrosoft WindowsValid 734700x80000000000000006518738Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006518737Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\ncobjapi.dll10.0.14393.0 (rs1_release.160715-1616)-Microsoft® Windows® Operating SystemMicrosoft CorporationNCObjAPI.DLLMD5=EA51AB4DE69030FC62B5014175D27A88,SHA256=774A8136F6FC789952548DA2A72F2E53E32A33E91C48EA707C1D823058515DABtrueMicrosoft WindowsValid 734700x80000000000000006518736Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006518735Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006518734Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006518733Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006518732Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\mlang.dll10.0.14393.4169 (rs1_release.210107-1130)Multi Language Support DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMLANG.DLLMD5=1DB944C25F1B1D7105543E61F1CC5E2F,SHA256=EBA81052B0330151F8FE0FC95AFD2203D3869D67A05AD4E5D3FA8A69B48B4046trueMicrosoft WindowsValid 734700x80000000000000006518731Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006518729Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbemcomn.dll10.0.14393.4530 (rs1_release.210705-0736)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemcomn.dllMD5=91E2160941219FFEBE4093E6681BE4CF,SHA256=3B8AA86EAF2200F53A6EB57B08A34F1BA5E467B72E5002C3BCBF20AF40D98CD1trueMicrosoft WindowsValid 734700x80000000000000006518728Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\fastprox.dll10.0.14393.0 (rs1_release.160715-1616)WMI Custom MarshallerMicrosoft® Windows® Operating SystemMicrosoft Corporationfastprox.dllMD5=C2F7834269D565263C65757EDE37A66C,SHA256=17651A35255229CE95F065CA1BCCC4867B43DA879D72AFCC91FBA4768225C7D3trueMicrosoft WindowsValid 734700x80000000000000006518727Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006518726Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006518725Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006518723Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006518722Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8FFB-00000000F001}424C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\WmiPrvSE.exe10.0.14393.2155 (rs1_release_1.180305-1842)WMI Provider HostMicrosoft® Windows® Operating SystemMicrosoft CorporationWmiprvse.exeMD5=E1BCE838CD2695999AB34215BF94B501,SHA256=1D7B11C9DEDDAD4F77E5B7F01DDDDA04F3747E512E0AA23D39E4226854D26CA2trueMicrosoft WindowsValid 734700x80000000000000006518717Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\coml2.dll10.0.14393.2608 (rs1_release.181024-1742)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOML2.DLLMD5=F51CCB7A95B83C1327390BF672AFD328,SHA256=850E50B525EF51374B880146E26464D10A8B1DAE1E0307F7B27DC7322824F2BFtrueMicrosoft WindowsValid 734700x80000000000000006518710Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.620{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\rasadhlp.dll10.0.14393.0 (rs1_release.160715-1616)Remote Access AutoDial HelperMicrosoft® Windows® Operating SystemMicrosoft Corporationrasadhlp.dllMD5=FAE8D0480BDD905EEA453D3A57C8D5C6,SHA256=C1531223B8201B344A6A6474CB2D9B8A8C632250A3A6F472EC5E2D7D28ADD94CtrueMicrosoft WindowsValid 734700x80000000000000006518706Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.604{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\webio.dll10.0.14393.3866 (rs1_release.200805-1327)Web Transfer Protocols APIMicrosoft® Windows® Operating SystemMicrosoft Corporationwebio.dllMD5=0CE65DF03820B5523EFE7D20258E6F0A,SHA256=9224732E1A7761866BB479C91A02C561F77B203EB20914F4ED0AF8FE320E8FF6trueMicrosoft WindowsValid 734700x80000000000000006518703Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.604{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006518697Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.604{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wininet.dll11.00.14393.4583 (rs1_release.210730-1850)Internet Extensions for Win32Internet ExplorerMicrosoft Corporationwininet.dllMD5=524876363DA8F469C13E0818256B6131,SHA256=DAA85FEAB4553D9A203A85A58C8CB26A2784E0D33226B41AAE98471DAE75C035trueMicrosoft WindowsValid 734700x80000000000000006518682Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.604{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006518680Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.604{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006518678Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.603{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=1D608361848C3A3AC56488995E8D0BB1,SHA256=D95DE5DBAD08E22CB0CFB9322220E752F16124C15867F7748E4D64795E400EBFtrueMicrosoft WindowsValid 734700x80000000000000006518677Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.603{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\urlmon.dll11.00.14393.4530 (rs1_release.210705-0736)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=B63DBDFEC215CF37259DC4A88ADBD0E7,SHA256=67B02F3DE0AF36E76C2D259CE7833EDA4FE33D935538E8A4C1E7E82130870FC1trueMicrosoft WindowsValid 734700x80000000000000006518675Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.601{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dhcpcsvc.dll10.0.14393.3930 (rs1_release.200901-1914)DHCP Client ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationdhcpcsvc.dllMD5=CD3B9633BBEF2102C4665A2C39EC0B1A,SHA256=341EFB4806BE39E09AA90CA3B069C39F2A9D61FA9B512350B2721D41875AFCAEtrueMicrosoft WindowsValid 734700x80000000000000006518673Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.600{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dhcpcsvc6.dll10.0.14393.3930 (rs1_release.200901-1914)DHCPv6 ClientMicrosoft® Windows® Operating SystemMicrosoft Corporationdhcpcsvc6.dllMD5=1721EAC44BCFC7177AA664ADCA514F23,SHA256=C099BCCE44A04A48147DE8CF093EBF997510154113789BF31394B5148F60B375trueMicrosoft WindowsValid 734700x80000000000000006518671Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.599{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006518669Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.598{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\winnsi.dll10.0.14393.2339 (rs1_release_inmarket.180611-1502)Network Store Information RPC interfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationwinnsi.dllMD5=25B3BD4D63460EE4599F5631C1B83D21,SHA256=07E055D47940F09CB7EB512D52672C944D7D2F035A2F45766319871C0862C5B1trueMicrosoft WindowsValid 734700x80000000000000006518667Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.583{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\mswsock.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft Windows Sockets 2.0 Service ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationmswsock.dllMD5=B52ACA309FD6F72105951FFBA022327B,SHA256=02AB6CCE4BF0D3F075D5E982F5A4CBDB514CE7C245EA474D7846A86CD3F13202trueMicrosoft WindowsValid 734700x80000000000000006518666Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.583{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\OnDemandConnRouteHelper.dll10.0.14393.4169 (rs1_release.210107-1130)On Demand Connctiond Route HelperMicrosoft® Windows® Operating SystemMicrosoft CorporationOnDemandConnRouteHelper.dllMD5=BAE78E97BEBB832376654560305922E3,SHA256=6A188DC4F1005E46CCA529E9C757D9B3B5F98E5587AFAA5E4200C7DD2AC73355trueMicrosoft WindowsValid 734700x80000000000000006518663Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.583{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\winhttp.dll10.0.14393.4467 (rs1_release.210604-1844)Windows HTTP ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationwinhttp.dllMD5=8893BE5829B2F909E7FC4AF4C43B54F9,SHA256=C1D791C72417FD001E2A5FE441717881D43428A931724E7FD2DCCE6C83699458trueMicrosoft WindowsValid 734700x80000000000000006518617Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.551{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSPTLS.DLL16.0.13801.20178Microsoft Office componentMicrosoft OfficeMicrosoft Corporationmsptls.dllMD5=53C631125C4AB3BFA9F7DB70B4B02EFA,SHA256=4F0593A374FE614EBBFAB37A9C39515D695ABA2EF3ADDD72BD912A83426789FEtrueMicrosoft CorporationValid 734700x80000000000000006518601Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.483{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\d3d10warp.dll10.0.14393.2608 (rs1_release.181024-1742)Direct3D 10 RasterizerMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10Warp.dllMD5=B69F0419A16A616FE2D779EC98CD7FB9,SHA256=2D10B43F2137433E48A009227487C691E312D186691485D33B4FDF90D8423C9DtrueMicrosoft WindowsValid 734700x80000000000000006518577Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.551{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\sppc.dll10.0.14393.67 (rs1_release.160804-2231)Software Licensing Client DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsppc.dllMD5=7CF84329545035CC0833119C7268A620,SHA256=49E3FA8B9F9ACB1A2CEDE37970361316C93286CEE7F70DE5985E7135498A4210trueMicrosoft WindowsValid 734700x80000000000000006518576Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.551{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\xmllite.dll10.0.14393.3143 (rs1_release.190725-1725)Microsoft XmlLite LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationXmlLite.dllMD5=64E301CCFADF34810ADA8DE9DBC7720F,SHA256=6EAE1E0E610793C7DF2B27795553F377D2C4126CF74D8EE4A84DE3C3150871F8trueMicrosoft WindowsValid 734700x80000000000000006518575Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.551{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wbem\fastprox.dll10.0.14393.0 (rs1_release.160715-1616)WMI Custom MarshallerMicrosoft® Windows® Operating SystemMicrosoft Corporationfastprox.dllMD5=C2F7834269D565263C65757EDE37A66C,SHA256=17651A35255229CE95F065CA1BCCC4867B43DA879D72AFCC91FBA4768225C7D3trueMicrosoft WindowsValid 734700x80000000000000006518574Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.536{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wbem\wbemsvc.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemsvc.dllMD5=2BE97028B7B85762561F475E31989C2A,SHA256=75C9D8C6D41B4B7D70666A8107A08A748CEF6CB9E60AD0288B10CDE12E274AFFtrueMicrosoft WindowsValid 734700x80000000000000006518569Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.520{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wbemcomn.dll10.0.14393.4530 (rs1_release.210705-0736)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemcomn.dllMD5=91E2160941219FFEBE4093E6681BE4CF,SHA256=3B8AA86EAF2200F53A6EB57B08A34F1BA5E467B72E5002C3BCBF20AF40D98CD1trueMicrosoft WindowsValid 734700x80000000000000006518547Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.520{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006518546Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.520{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wbem\wbemprox.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemprox.dllMD5=B7B56FAC395BEEDC20120FD0170A23A3,SHA256=7BDF579D7348D84F251A8411E40E14ADF9406F954914C1C4DE30E880DCF6CEB3trueMicrosoft WindowsValid 734700x80000000000000006518542Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.483{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=F940A91B13592184F228ECC14D8D9358,SHA256=2BC05A4D09CDBAB8DB5F767DC95F31B2CA324928A94F004C7C2968E3E9E635E2trueMicrosoft WindowsValid 734700x80000000000000006518521Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.520{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\RICHED20.DLL16.0.13801.20442RichEdit Version 8.0Microsoft OfficeMicrosoft Corporationriched20.dllMD5=4AADCAFE0937BFDD2C0E089B37549CD7,SHA256=8D12811470721C2A4775AE2CF2B236C5E16FD4215D70E63C768BD9F4ADBC364AtrueMicrosoft CorporationValid 734700x80000000000000006518520Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.520{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\webservices.dll10.0.14393.2312 (rs1_release.180607-1919)Windows Web Services RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationWebServices.dllMD5=3EE43755685D59060FAC0E2F09D67686,SHA256=BF80D9B840C28BC4E8FE9A4E6DBCCCAEE37A108F83428ABA1DD780D5312369D8trueMicrosoft WindowsValid 734700x80000000000000006518519Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.520{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dpapi.dll10.0.14393.0 (rs1_release.160715-1616)Data Protection APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdpapi.dllMD5=927EA28A3F416A5A5E9FC638CA245EF5,SHA256=D399633CC99D754DD999BB4FFADD768FEA82F57A0241809117AD786DC33DD30EtrueMicrosoft WindowsValid 734700x80000000000000006518518Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.504{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\npmproxy.dll10.0.14393.4169 (rs1_release.210107-1130)Network List Manager ProxyMicrosoft® Windows® Operating SystemMicrosoft Corporationnpfproxy.dllMD5=4D76C6FAF3D01B31A68C9ABF95F4B7D4,SHA256=9B771613C067880E99ED3D68E6C2A43C6B252E899D44682ADEB5A7F02E925920trueMicrosoft WindowsValid 734700x80000000000000006518517Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.504{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006518515Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.504{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\MSOARIA.DLL16.0.55555.10000Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMsoAria.dllMD5=2357126682CE4CAB2E5963883400D41D,SHA256=878BF317D30612C970E2EFDF93C3F22BF360D0304CFB54E96D638E8A5DE24E51trueMicrosoft CorporationValid 734700x80000000000000006518513Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.504{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19trueMicrosoft WindowsValid 734700x80000000000000006518512Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.504{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\WinTypes.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Base Types DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWinTypes.dllMD5=9F209F29ABFF007F55328BCC36367005,SHA256=7F2CBE9B349062DFD782032D50C335E6C292EC5F509746941982A7161F24ED84trueMicrosoft WindowsValid 734700x80000000000000006518511Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.504{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\Windows.Security.Authentication.Web.Core.dll10.0.14393.4169 (rs1_release.210107-1130)Token Broker WinRT APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Security.Authentication.Web.Core.dllMD5=E3AB65431FF6EA142FECF301220904D0,SHA256=60F168A317109BA364699F1FA1A2DDD8E5B0008A16CD7F1DB80583848DFCA7CFtrueMicrosoft WindowsValid 734700x80000000000000006518509Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.504{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll4.8.4180.0 built by: NET48REL1LAST_BMicrosoft .NET Runtime Execution EngineMicrosoft® .NET FrameworkMicrosoft Corporationmscoreei.dllMD5=899A8B655E52A061B33571D97C5C06ED,SHA256=DE05B03E37FB9BA5D74CF8FA36A6F0B15AB61705285B738BC90D14FDE580A45EtrueMicrosoft CorporationValid 734700x80000000000000006518508Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.504{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\mscoree.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft .NET Runtime Execution EngineMicrosoft® Windows® Operating SystemMicrosoft Corporationmscoree.dllMD5=5ECE402D7E12EC3750D044BF3D878DF6,SHA256=3F02B1AE7B61BC36B04EA2B82ED79F112219F4E9668518030FF14B005E2C9BBCtrueMicrosoft WindowsValid 734700x80000000000000006518507Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.504{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\netprofm.dll10.0.14393.4169 (rs1_release.210107-1130)Network List ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationnetprofm.dllMD5=02AD37C3C2D54BCD9E7BD2AFF3D6E7A6,SHA256=D71D631EC1790A9BD9451EFAEFC7EBADE6353A17CDBB4D8AAACD3102430A686EtrueMicrosoft WindowsValid 734700x80000000000000006518506Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.504{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\normaliz.dll10.0.14393.0 (rs1_release.160715-1616)Unicode Normalization DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnormaliz.dllMD5=65930A2C537774A8CBB0A1BE20266D51,SHA256=2879DECC03521C385C5D29381B002E7B70BB448BC2787D9C08174592C7D80BC8trueMicrosoft WindowsValid 734700x80000000000000006518505Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.503{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006518501Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.451{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ResourcePolicyClient.dll10.0.14393.3808 (rs1_release.200707-2105)Resource Policy ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationResourcePolicyClient.dllMD5=8FD5FEFE4E020BBC2D95F07BCDC84F71,SHA256=E5E351822CCDEBF81C47C4CA1D5C158E2880C1BD29CA024D163FD9316F3046AEtrueMicrosoft WindowsValid 734700x80000000000000006518474Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.483{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006518473Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.483{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006518472Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.436{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\d2d1.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft D2D LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationd2d1MD5=E15A420D82314AF63973D7D0AB3BA2DD,SHA256=C264B2FA1F3E67E558E2671807C06270926EF456F4FF83F1F9859B18184F187EtrueMicrosoft WindowsValid 734700x80000000000000006518447Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.483{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\DWrite.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=1875083243EE498D0B2BB6B025AD7520,SHA256=A3FA592126642537BF6F0E4E9750A43A899525FE616DE899ABD7F26A9E7620C4trueMicrosoft WindowsValid 734700x80000000000000006518446Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.483{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\WindowsCodecs.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Windows Codecs LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationWindowsCodecsMD5=B791899A46FD151559658F4F86C3C6F5,SHA256=E559B36A3CC2261C16916F2D49FA351DC4E21E5EC581AC43547ABA16F70CDA7EtrueMicrosoft WindowsValid 734700x80000000000000006518445Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.483{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\d3d10_1core.dll10.0.14393.0 (rs1_release.160715-1616)Direct3D 10.1 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10_1Core.dllMD5=AD41EACFB2A670E17F2C09F8AB06F428,SHA256=208B4CF05936AC21EB0337FB17B1B8F12D778A6E880435C589202457EB0CF73EtrueMicrosoft WindowsValid 734700x80000000000000006518444Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.483{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\d3d10_1.dll10.0.14393.0 (rs1_release.160715-1616)Direct3D 10.1 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10_1.dllMD5=9945D52ACD8FED11F0A636F916C4FF16,SHA256=97C5A99ED38F8516133D6B95070C5998BAAE75EAEF730531D91B81FEE4B81D82trueMicrosoft WindowsValid 734700x80000000000000006518436Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.467{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\sppc.dll10.0.14393.67 (rs1_release.160804-2231)Software Licensing Client DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsppc.dllMD5=7CF84329545035CC0833119C7268A620,SHA256=49E3FA8B9F9ACB1A2CEDE37970361316C93286CEE7F70DE5985E7135498A4210trueMicrosoft WindowsValid 734700x80000000000000006518435Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.467{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\slc.dll10.0.14393.67 (rs1_release.160804-2231)Software Licensing Client DllMicrosoft® Windows® Operating SystemMicrosoft Corporationslc.dllMD5=060E11DCB875D981E948073986E295DC,SHA256=30858EA58F24537CC3369091F92AD70C59877BDB1FDF8DEC7762A7AB72DDE885trueMicrosoft WindowsValid 734700x80000000000000006518434Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.467{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750AtrueMicrosoft WindowsValid 734700x80000000000000006518431Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.451{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=3C32D763740C83DB2C44DEA4B6F18C54,SHA256=ED26DBB9C3656767CA25887CDC3B45CF978AFC75E064FF5457A36C7A69E55223trueMicrosoft WindowsValid 734700x80000000000000006518428Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.436{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\winsta.dll10.0.14393.0 (rs1_release.160715-1616)Winstation LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationwinsta.dllMD5=12668CEFEE3754CFA61C5699821668B3,SHA256=D0C81619EDE8B846D98417989684EF16DF3A053CC049C7281E40F3359AD5B570trueMicrosoft WindowsValid 734700x80000000000000006518427Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.436{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msctf.dll10.0.14393.4530 (rs1_release.210705-0736)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=E2374A214A9F0C8347C29EBDE3447986,SHA256=F2260FE7E0C4E92D49CF0F550E2A1B3D3F1D2D76E6F5C8F16B0E16B6117D9EE1trueMicrosoft WindowsValid 734700x80000000000000006518424Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.436{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006518418Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.420{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msi.dll5.0.14393.4530Windows InstallerWindows Installer - UnicodeMicrosoft Corporationmsi.dllMD5=4479EEB5C5400D4C084274BA015750FA,SHA256=6B30AE7147132038E603EEB2D35C35BB3D03EC5AFA560D31969E2D39A44ACDCDtrueMicrosoft WindowsValid 734700x80000000000000006518415Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.420{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5trueMicrosoft WindowsValid 734700x80000000000000006518413Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.404{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO.DLL16.0.13801.20796Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMSO.dllMD5=DEAB06C2DDF8959448455176D2A1754E,SHA256=49708B1D39D76B2E9F096B95BCB30B6601D3B5C8E1D84830740EC25FE8F38F39trueMicrosoft CorporationValid 734700x80000000000000006518412Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.404{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wtsapi32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Remote Desktop Session Host Server SDK APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationwtsapi32.dllMD5=D0DB3DD09FB2B4ADABF4E719FAFC4EB9,SHA256=8B7C056B5F4AB604ED5077A39C63CE1B5A34929DE76DA4A3C54D6E648D123BABtrueMicrosoft WindowsValid 734700x80000000000000006518411Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.404{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36trueMicrosoft WindowsValid 734700x80000000000000006518410Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.404{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso98win32client.dll16.0.13801.20808Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMso98Win32Client.dllMD5=58F3352E3A0867817F759EA7940F2E10,SHA256=86AFDD63CFCA5B03D5265A2828F073CA401FE00B555B40AD9A0F7A193E200315trueMicrosoft CorporationValid 734700x80000000000000006518409Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.404{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso50win32client.dll16.0.13801.20442Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMso50Win32Client.dllMD5=AF5E26C38079AF31CCAA732B6A351A0D,SHA256=C0BBDC787DCD21EF78B89B6C18C81A1ECC8F5B4D3C4E2F412525FD70039E667DtrueMicrosoft CorporationValid 734700x80000000000000006518406Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.383{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ntasn1.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft ASN.1 APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntasn1.dllMD5=A45B23E8D2623CE3F760377766AF3E24,SHA256=E0A8F5055CD9E2AF029B8537E09EFFAF1F46C724CB720A6395DCF563EF70B843trueMicrosoft WindowsValid 734700x80000000000000006518384Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.404{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso40UIwin32client.dll16.0.13801.20840Microsoft Office componentMicrosoft OfficeMicrosoft Corporationmso40uiWin32Client.dllMD5=42CCB21CAB1B66AA9C7FF859A4BED97B,SHA256=76EFA67F0B7EA66DEAB42DB051DBCBA4B05EC04032B1D8AAE5E7761D7C6CA24FtrueMicrosoft CorporationValid 734700x80000000000000006518383Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.403{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wevtapi.dll10.0.14393.3053 (rs1_release_inmarket.190612-1836)Eventing Consumption and Configuration APIMicrosoft® Windows® Operating SystemMicrosoft Corporationwevtapi.dllMD5=E0D1C6AC18800339A2EC1134A7C899ED,SHA256=E4340ACB47A202B1BFCE678C44BA5B0B171E388021B0B7D0CED19A55AD9712E1trueMicrosoft WindowsValid 734700x80000000000000006518379Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.383{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ncrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows NCrypt RouterMicrosoft® Windows® Operating SystemMicrosoft Corporationncrypt.dllMD5=025DBE9D0F7AE719C64DE3A4555A7C0A,SHA256=1A223828A444E7797A9E00632DAE81AC3AC68B38786E67912B1C3FC6118FB6B4trueMicrosoft WindowsValid 734700x80000000000000006518357Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.400{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso30win32client.dll16.0.13801.20840Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMso30Win32Client.dllMD5=F4FDCEA65C429F01EEC45163F005B5E3,SHA256=F3FF96E7EBF9E4BB43170456395F09C1DAB832B1F66EBFAFF5EF54344DB929D5trueMicrosoft CorporationValid 734700x80000000000000006518354Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.383{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006518353Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.383{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\RstrtMgr.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Restart ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationRstrtMgr.dllMD5=F14EA4521A8C000F1165581B5837355E,SHA256=6CB383C1FFB8AB7301B1666EEA83FD484EA049147C834725894652DB20D28359trueMicrosoft WindowsValid 734700x80000000000000006518352Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.383{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006518351Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.383{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242trueMicrosoft WindowsValid 734700x80000000000000006518350Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.383{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FAtrueMicrosoft WindowsValid 734700x80000000000000006518349Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.383{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cryptui.dll10.0.14393.3321 (rs1_release.191016-1811)Microsoft Trust UI ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationCRYPTUI.DLLMD5=7BA8C29986BA103E2353D405DCCB87D7,SHA256=E9FFD440B5318D65AC2A38125CC417C8F34C6344CA8D9251A8ABE74D14C518B8trueMicrosoft WindowsValid 734700x80000000000000006518348Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.383{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso20win32client.dll16.0.13801.20840Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMso20Win32Client.dllMD5=33E67D19ED73BD77FAB770F3677363E0,SHA256=3A7198AC7F995AE9FCA91372AFC3719C04417D638EE37EAA3162DE0A99F0F6B9trueMicrosoft CorporationValid 734700x80000000000000006518347Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.383{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5trueMicrosoft WindowsValid 734700x80000000000000006518346Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.383{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.4530_none_aec97a71ddd5fa56\GdiPlus.dll10.0.14393.4530 (rs1_release.210705-0736)Microsoft GDI+Microsoft® Windows® Operating SystemMicrosoft CorporationgdiplusMD5=D1F325FD8BA2F0AA9F853CB05DBDE6F6,SHA256=ED1FDCE716A2D5E0703DEBAE0E272BAA49C750B31773E9C0ADFCF5F9758F9350trueMicrosoft WindowsValid 734700x80000000000000006518345Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.383{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\OART.DLL16.0.13801.20688Microsoft OfficeArtMicrosoft OfficeMicrosoft CorporationOART.DLLMD5=A4816E74F5F4F3A1D9B6637EB47C8B23,SHA256=9447582F286D97A4707BB8A6847398637D742E5ED653804EE94E495E3E3BF339trueMicrosoft CorporationValid 734700x80000000000000006518344Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.383{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\WWLIB.DLL16.0.13801.20854Microsoft WordMicrosoft OfficeMicrosoft Corporationwwlib.dllMD5=88AD4C5ED7EE51A82DDB8DF471E749B6,SHA256=E21BE93D40924965E74C6D1619F3C9AEE1FE09F535C8260B61387984DF55BC2DtrueMicrosoft CorporationValid 734700x80000000000000006518306Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValid 734700x80000000000000006518305Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84BtrueMicrosoft WindowsValid 734700x80000000000000006518304Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899trueMicrosoft WindowsValid 734700x80000000000000006518303Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430DtrueMicrosoft WindowsValid 734700x80000000000000006518302Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006518299Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\dsclient.dll10.0.14393.0 (rs1_release.160715-1616)Data Sharing Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdsclient.dllMD5=68B9D02A469519C6BFD9F39854EE8E62,SHA256=A7646650AB50D076DBBC6E9B767565DDA71B078814BC2071BA525F118B861883trueMicrosoft WindowsValid 734700x80000000000000006518298Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\WpPortingLibrary.dll10.0.14393.0 (rs1_release.160715-1616)<d> DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWpPortingLibrary.dllMD5=9F86158107F4C4A954E1A1594A73E769,SHA256=8D797D0B92ACE4957EDC3380C06D54CC2912896248A2A68E86F83FA0B7A24136trueMicrosoft WindowsValid 734700x80000000000000006518297Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CAtrueMicrosoft WindowsValid 734700x80000000000000006518296Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\Windows.System.Launcher.dll10.0.14393.4169 (rs1_release.210107-1130)Windows.System.LauncherMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.System.Launcher.dllMD5=384379949D62C818AF52A5DE919A62FD,SHA256=21F85FFD4DD9A61088194F9A416ED1496EE781033D1A23E69893EAC583C72B68trueMicrosoft WindowsValid 734700x80000000000000006518287Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575trueMicrosoft WindowsValid 734700x80000000000000006518286Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\windows.storage.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=1D7997E3AFC26B85024D33F835E18056,SHA256=B2376967E156D4971FB66059F6367030AF937943D2EBF80AF856E643B6E95BBFtrueMicrosoft WindowsValid 734700x80000000000000006518285Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704trueMicrosoft WindowsValid 734700x80000000000000006518284Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006518283Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006518282Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\shell32.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=837B8644B9CE47EC28152E7D764886E0,SHA256=C5BA64473FB38E6B4592EAFA642AF82715CBC676190985D8D8D4150CE840044FtrueMicrosoft WindowsValid 734700x80000000000000006518278Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006518277Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006518276Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\msvcp140.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=F60E0D8C88242FE8CA38A8562685F231,SHA256=254F5CDE2DEF2BF3941F746E4902A36F5169BF73AE9E258E49BC1FEF7B26EC99trueMicrosoft CorporationValid 734700x80000000000000006518275Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006518274Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006518273Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\vcruntime140.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=766F0D18983E0810882FBA122AD1163E,SHA256=F10EF6DE6C651DB42DBD455A1C674047862CEBF6CCCE1F784CDB0571C9EA9757trueMicrosoft CorporationValid 734700x80000000000000006518272Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\vcruntime140_1.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=74B5641A50C27B57ED0DA622E66A239E,SHA256=A571D26E536D4F7DA93ACC24EDB1D823140B660795576DC27F626F1889106D36trueMicrosoft CorporationValid 734700x80000000000000006518271Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006518270Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006518269Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006518268Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006518267Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll16.0.13801.20634Microsoft Office componentMicrosoft OfficeMicrosoft Corporationc2r64.dllMD5=89F83DB0358154696068C1A1A2C48B76,SHA256=97A0AC1E7CF73E000BC13BF560BA088C79797604E5E64F21B6DB843CD16742FFtrueMicrosoft CorporationValid 734700x80000000000000006518266Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006518264Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006518263Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006518261Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll10.0.19041.1074 (WinBuild.160101.0800)Client Virtualization SubsystemsMicrosoft® Windows® Operating SystemMicrosoft CorporationAppVISVSubsystems64.dllMD5=90B77DF9501D41C1FC3B9B08BF739CBD,SHA256=B767361DEEBE62459AD8D6124C9E94B0A20F09EA1C53F6111B7B71252B703A04trueMicrosoft CorporationValid 734700x80000000000000006518259Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.336{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006518256Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.320{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006518252Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.320{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006518249Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.320{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006518248Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.320{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE16.0.13801.20864Microsoft WordMicrosoft OfficeMicrosoft CorporationWinWord.exeMD5=11F7D49A44E922C3BB0B426211F44E66,SHA256=025784F40F20654C264D060B1BA77066CF04BC56F6F2324E56372704FC4EC499trueMicrosoft CorporationValid 734700x80000000000000006518241Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.320{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp140.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=F60E0D8C88242FE8CA38A8562685F231,SHA256=254F5CDE2DEF2BF3941F746E4902A36F5169BF73AE9E258E49BC1FEF7B26EC99trueMicrosoft CorporationValid 734700x80000000000000006518240Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.320{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vcruntime140.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=766F0D18983E0810882FBA122AD1163E,SHA256=F10EF6DE6C651DB42DBD455A1C674047862CEBF6CCCE1F784CDB0571C9EA9757trueMicrosoft CorporationValid 734700x80000000000000006518239Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.320{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vcruntime140_1.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=74B5641A50C27B57ED0DA622E66A239E,SHA256=A571D26E536D4F7DA93ACC24EDB1D823140B660795576DC27F626F1889106D36trueMicrosoft CorporationValid 734700x80000000000000006518238Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:42.305{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll16.0.13801.20442Microsoft Office Shell Extension HandlersMicrosoft OfficeMicrosoft Corporationmsoshext.dllMD5=08AB004F0278B5B461F732D7740A5874,SHA256=A8C1819BFD9FAD66B3360E7757F63A18E1C7D961217B01DBD7C0764217D4027CtrueMicrosoft CorporationValid 734700x80000000000000006519177Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.566{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006519174Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.566{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\sppobjs.dll10.0.14393.4583 (rs1_release.210730-1850)Software Protection Platform PluginsMicrosoft® Windows® Operating SystemMicrosoft Corporationsppobjs.dllMD5=70045B78DCFD4DE800A61A51E60D83DC,SHA256=557A2F2C1F6E766E3CBE8A6E91F7614717848B754242097E820C32EED148A530trueMicrosoft WindowsValid 734700x80000000000000006519170Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.550{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\Clipc.dll10.0.14393.0 (rs1_release.160715-1616)Client Licensing Platform ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationClipC.dllMD5=C1ADE6C578AFD608EBC63BEB0F85ABD7,SHA256=7195914FD6FF035601607636E8EEFC58074852FD9983DB4A7E9DFEAEFA3D8382trueMicrosoft WindowsValid 734700x80000000000000006519169Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.550{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\dsrole.dll10.0.14393.0 (rs1_release.160715-1616)DS Setup Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationDSROLE.DLLMD5=2A319EC8DF0FB5C46CF311B9D2B65B1D,SHA256=62B8900EFDF4B30E54E11232A8DA95DBF066DAEFD364A66EB99ADC028A3798F7trueMicrosoft WindowsValid 734700x80000000000000006519167Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.550{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\sppwinob.dll10.0.14393.4530 (rs1_release.210705-0736)Software Protection Platform Windows PluginMicrosoft® Windows® Operating SystemMicrosoft Corporationsppwinob.dllMD5=131DCFFFD0F2560BCD89F6ECBCC8A2D1,SHA256=5FB678235EC5BB4417B9D69AD7095A6C13AC1C008FA2647BE09205434E57AA4AtrueMicrosoft WindowsValid 734700x80000000000000006519159Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.519{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\concrt140.dll14.27.29114.0 built by: vcwrkspcMicrosoft® Concurrency Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationconcrt140.dllMD5=C53C05B2B2A75D0FF56CB936DFD4E4A5,SHA256=C89C55575DEE5CDE8DC1FB67DF8EB293C4AE0BB0B7C0354D333807DE08D45D04trueMicrosoft CorporationValid 734700x80000000000000006519158Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.519{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\httpapi.dll10.0.14393.1532 (rs1_release_d.170711-1840)HTTP Protocol Stack APIMicrosoft® Windows® Operating SystemMicrosoft Corporationhttpapi.dllMD5=03DBC6A3E615C17C08BF96C999A0C8EE,SHA256=E5D2CAB8D8F3EDDF0E7895E9D585FC89AF6A93954944071CA1B235FA8AF8DD4BtrueMicrosoft WindowsValid 734700x80000000000000006519157Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.519{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll2.8.0A Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API designC++ REST SDKMicrosoftTARGET_NAME.dllMD5=A916D562344A19E7FD0346390AC95A0C,SHA256=F226271CDC17F336239AB3903C09D4ADDCCD0421395EE9F51A79A4027BF6E345trueMicrosoft CorporationValid 734700x80000000000000006519124Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.435{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006519121Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.435{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006519117Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.435{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006519111Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006519108Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006519107Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006519106Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006519105Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006519104Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006519102Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006519100Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242trueMicrosoft WindowsValid 734700x80000000000000006519099Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\webservices.dll10.0.14393.2312 (rs1_release.180607-1919)Windows Web Services RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationWebServices.dllMD5=3EE43755685D59060FAC0E2F09D67686,SHA256=BF80D9B840C28BC4E8FE9A4E6DBCCCAEE37A108F83428ABA1DD780D5312369D8trueMicrosoft WindowsValid 734700x80000000000000006519098Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006519097Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006519096Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006519095Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006519094Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006519093Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006519092Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\xmllite.dll10.0.14393.3143 (rs1_release.190725-1725)Microsoft XmlLite LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationXmlLite.dllMD5=64E301CCFADF34810ADA8DE9DBC7720F,SHA256=6EAE1E0E610793C7DF2B27795553F377D2C4126CF74D8EE4A84DE3C3150871F8trueMicrosoft WindowsValid 734700x80000000000000006519091Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006519090Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006519089Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\cryptxml.dll10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)XML DigSig APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptxml.dllMD5=2D8B5120841F9D57D81B417B8033051F,SHA256=10896E3FBB656A1FD76CB636510A8501B12068C653BC27FAA4DD8DC89ED7AE4AtrueMicrosoft WindowsValid 734700x80000000000000006519088Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006519087Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FAtrueMicrosoft WindowsValid 734700x80000000000000006519086Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006519085Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006519084Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006519083Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.419{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006519080Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.403{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006519079Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.403{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006519078Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.403{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006519077Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:43.403{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\sppsvc.exe10.0.14393.4530 (rs1_release.210705-0736)Microsoft Software Protection Platform ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationsppsvc.exeMD5=280B8B6A6CD8A833284EA11425EE5396,SHA256=FD9A147C6649AC20CBC7C74DC431866468D2E4183ED7B876F7E336382DCC6A40trueMicrosoft WindowsValid 734700x80000000000000006519366Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.863{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\davhlpr.dll10.0.14393.0 (rs1_release.160715-1616)DAV Helper DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdavhlpr.DLLMD5=D7A5CB6257EA5F99F80A1075BBFEEB41,SHA256=4720811BED40F9998038BCEC6F941E418AB6D0305AB15AFB248F49CC02C64D74trueMicrosoft WindowsValid 734700x80000000000000006519365Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.863{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006519341Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.464{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006519340Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.464{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006519339Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.464{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36trueMicrosoft WindowsValid 734700x80000000000000006519338Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.448{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430DtrueMicrosoft WindowsValid 734700x80000000000000006519337Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.448{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\thumbcache.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Thumbnail CacheMicrosoft® Windows® Operating SystemMicrosoft Corporationthumbcache.dllMD5=C146766884A92B154F2EB38463F2263D,SHA256=48C5CC7760187EDB140A904D3AC5FD24F740973CDBA07962047859F84E7BEB9CtrueMicrosoft WindowsValid 734700x80000000000000006519334Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.448{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006519333Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.448{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValid 734700x80000000000000006519332Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.448{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006519331Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.448{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006519330Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.448{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006519329Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.448{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006519328Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.432{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006519326Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.432{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006519325Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.432{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006519324Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.432{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006519323Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.432{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006519322Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.432{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006519321Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.432{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006519320Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.417{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006519318Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.417{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006519317Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.417{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006519316Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.417{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006519315Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:45.417{4DF467A6-46E1-613A-91FB-00000000F001}1464C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeMD5=DA63852A2B0340E94D74EAF0CD444979,SHA256=EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164EtrueMicrosoft WindowsValid 734700x80000000000000006519405Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:48.975{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\hlink.dll10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Microsoft Office 2000 componentMicrosoft® Windows® Operating SystemMicrosoft Corporationhlink.dllMD5=FD7A5F4DF14E2D70CE268E22C5A56650,SHA256=E159200E7E4F627FDCF37230F12412B45C18FB1D3EFB1D3F06B4FE1BAA205351trueMicrosoft WindowsValid 734700x80000000000000006519472Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:52.071{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ExplorerFrame.dll10.0.14393.4169 (rs1_release.210107-1130)ExplorerFrameMicrosoft® Windows® Operating SystemMicrosoft CorporationExplorerFrame.dllMD5=BB0850797E5D50E70FFB3FFCEBFE77A9,SHA256=042F69100AAEB04CF79872035422A033FB87F2F0113EE89AB6B61FFA41A224D8trueMicrosoft WindowsValid 734700x80000000000000006519490Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:53.107{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ntmarta.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=854A3CAE7C97B630158C9F7EE8555970,SHA256=20F0A4D99C5095A0CAC39B816BFC987F64CD051843C79E027714666375986176trueMicrosoft WindowsValid 734700x80000000000000006519708Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:58.563{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\D3DCompiler_47.dll10.0.14393.3930 (rs1_release.200901-1914)Direct3D HLSL CompilerMicrosoft® Windows® Operating SystemMicrosoft Corporationd3dcompiler_47.dllMD5=6C441F5AD6724D68B27D9928C6C1170D,SHA256=EEA0AE3BDCEF59AF62F471E90C489044B8DB55BFF6377231E002A70AB1F8CF73trueMicrosoft WindowsValid 734700x80000000000000006519696Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:58.385{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\Windows.Globalization.dll10.0.14393.4467 (rs1_release.210604-1844)Windows GlobalizationMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Globalization.dllMD5=4D2537567A93ABF1D93CB7A7E76F954C,SHA256=5740181B56927C0DC66A6BCECA15EA2806A0ED471A01F785AD47C8C73A1DF85FtrueMicrosoft WindowsValid 734700x80000000000000006519669Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:58.401{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\globinputhost.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows Globalization Extension API for InputMicrosoft® Windows® Operating SystemMicrosoft Corporationglobinputhost.dllMD5=B92070EB12AF4C292155EBB155A0B6C3,SHA256=F155CFD56DC7199F16377259C55C0E8A26662A81588264F01D0E1F1387721DDCtrueMicrosoft WindowsValid 734700x80000000000000006519667Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:58.401{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\BCP47Langs.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)BCP47 Language ClassesMicrosoft® Windows® Operating SystemMicrosoft CorporationBCP47Lang.dllMD5=F688C2B9DD2EB56C3B0312B6380338AA,SHA256=B22DB210486D3B5F4EEB17900C5E7AA0EEFEDBB068A0C4858EFE9F8018C34628trueMicrosoft WindowsValid 734700x80000000000000006519663Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:58.380{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ExplorerFrame.dll10.0.14393.4169 (rs1_release.210107-1130)ExplorerFrameMicrosoft® Windows® Operating SystemMicrosoft CorporationExplorerFrame.dllMD5=BB0850797E5D50E70FFB3FFCEBFE77A9,SHA256=042F69100AAEB04CF79872035422A033FB87F2F0113EE89AB6B61FFA41A224D8trueMicrosoft WindowsValid 734700x80000000000000006519659Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:58.301{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\edputil.dll10.0.14393.2608 (rs1_release.181024-1742)EDP utilMicrosoft® Windows® Operating SystemMicrosoft CorporationEDPUTIL.DLLMD5=75AC86B00CE4C64B02B105A55CA35628,SHA256=DB31A2345E3BB8DC79BFB4CC29615E3B8B7638AE80BFEC45FA57852669A592AEtrueMicrosoft WindowsValid 734700x80000000000000006519608Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:58.301{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cscapi.dll10.0.14393.0 (rs1_release.160715-1616)Offline Files Win32 APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcscapi.dllMD5=6433F8201BFB449DC6B47F6999C2F164,SHA256=06729F1E0A0596620B48B6DC4A2CC9CC5FE55B17BD488C71F7F15AA4262C8C14trueMicrosoft WindowsValid 734700x80000000000000006519606Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:58.301{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ntshrui.dll10.0.14393.4169 (rs1_release.210107-1130)Shell extensions for sharingMicrosoft® Windows® Operating SystemMicrosoft Corporationntshrui.dllMD5=E996A5D4EA7754FF1B0411F0B1664603,SHA256=B2DA0AC549C551A2CAF0714EF3B344C33943292FB1FA9F2EEFA706B6FF18F1A2trueMicrosoft WindowsValid 734700x80000000000000006519603Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:58.301{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\linkinfo.dll10.0.14393.0 (rs1_release.160715-1616)Windows Volume TrackingMicrosoft® Windows® Operating SystemMicrosoft CorporationLINKINFO.DLLMD5=4CE9B67A187310E37E535FC4165E0933,SHA256=469B33A5DDAA93D28F66AE6D6956268F6F2F09F146734D00A931FBDD1D87DE42trueMicrosoft WindowsValid 734700x80000000000000006519581Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:58.264{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dcomp.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft DirectComposition LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationdcomp.dllMD5=40873566DBFF13981CA1AE23AC281C5D,SHA256=E52C4619C837358454B969D31E2E14ACDEDABB384272D48C03E4F0AF9A2C2B6EtrueMicrosoft WindowsValid 734700x80000000000000006519556Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:58.264{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\DataExchange.dll10.0.14393.4169 (rs1_release.210107-1130)Data exchangeMicrosoft® Windows® Operating SystemMicrosoft CorporationDataExchange.dllMD5=23F499FA8F8E02A8090FB78E80617BDD,SHA256=08C2E505F3765D98379BB88DC8AD5555AB680A691054933FCA1A2CFCDFA42F51trueMicrosoft WindowsValid 734700x80000000000000006519555Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:58.264{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\PhotoMetadataHandler.dll10.0.14393.4169 (rs1_release.210107-1130)Photo Metadata HandlerMicrosoft® Windows® Operating SystemMicrosoft CorporationPhotoMetadataHandler.dllMD5=6FB0850ABAD1E8FDD1F662FCF819262C,SHA256=3EFCA956A159AE40CE292607EC59E4D258BDE13EAB51AFEF270FE55154CFA26EtrueMicrosoft WindowsValid 734700x80000000000000006519554Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:39:58.248{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\usp10.dll10.0.14393.3321 (rs1_release.191016-1811)Uniscribe Unicode script processorMicrosoft® Windows® Operating SystemMicrosoft CorporationUSP10.DLLMD5=ACF31D492FD578C0374EB20CC393BE98,SHA256=D49ECA60A94B30DB87CDCEB36F284D273E080E8689E4B0F99D5BD44FFD117A92trueMicrosoft WindowsValid 734700x80000000000000006519866Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.658{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006519865Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.658{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006519864Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.658{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006519861Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.511{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006519860Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.511{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006519859Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.511{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006519857Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.511{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006519855Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.511{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006519854Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.511{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006519853Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.511{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006519852Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.511{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006519851Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.495{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006519850Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.495{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006519849Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.495{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006519846Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006519845Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006519844Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006519843Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006519842Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006519841Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006519840Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006519839Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006519838Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006519837Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006519836Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006519835Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006519834Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006519833Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006519832Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006519831Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006519830Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006519829Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006519828Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006519827Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006519826Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006519825Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006519824Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006519823Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006519822Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006519820Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006519819Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006519818Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006519817Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.480{4DF467A6-46F2-613A-92FB-00000000F001}5204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006519802Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:02.112{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\Windows.Networking.Connectivity.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Networking Connectivity Runtime DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Networking.Connectivity.dllMD5=7934F613774F04B5BFD097B3D77F81FB,SHA256=E1A32AADFED0859269C89D4E1C961D3BC8EA2A5FA86487C9817BB52899E0F60EtrueMicrosoft WindowsValid 734700x80000000000000006519986Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.940{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006519984Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.940{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006519983Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.940{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006519982Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.825{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006519981Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.825{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006519980Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.825{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006519978Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.825{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006519976Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006519975Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006519974Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006519973Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006519972Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006519971Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006519970Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006519969Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006519968Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006519967Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006519966Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006519965Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006519964Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006519963Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006519962Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006519961Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006519960Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006519959Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006519958Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006519957Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006519956Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006519955Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006519954Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006519953Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006519952Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006519951Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006519950Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006519949Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006519948Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006519947Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006519946Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006519944Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006519943Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006519942Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006519941Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.809{4DF467A6-46F3-613A-94FB-00000000F001}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006519928Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.241{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006519926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.241{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006519925Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.241{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006519924Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.126{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006519923Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.126{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006519922Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.126{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006519920Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.126{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006519918Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006519917Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006519916Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006519915Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006519914Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006519913Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006519912Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006519911Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006519910Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006519909Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006519908Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006519907Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006519906Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006519905Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006519904Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006519903Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006519902Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006519901Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006519900Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006519899Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006519898Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006519897Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006519896Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006519895Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006519894Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006519893Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006519892Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006519891Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006519890Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006519889Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006519888Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006519886Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006519885Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006519884Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006519883Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:03.110{4DF467A6-46F2-613A-93FB-00000000F001}6452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006520047Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.739{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006520046Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.739{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006520045Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.624{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006520044Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.624{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006520043Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.624{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006520041Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.624{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006520039Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006520038Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006520037Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006520036Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006520035Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006520034Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006520033Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006520032Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006520031Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006520030Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006520029Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006520028Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006520027Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006520026Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006520025Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006520024Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006520023Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006520022Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006520021Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006520020Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006520019Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006520018Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006520017Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006520016Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006520015Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006520014Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006520013Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006520012Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006520011Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006520010Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006520009Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006520008Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006520006Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006520005Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006520004Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006520003Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:04.608{4DF467A6-46F4-613A-95FB-00000000F001}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006520124Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.476{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006520122Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.470{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006520121Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.454{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006520120Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006520119Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006520118Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006520116Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006520114Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006520113Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006520112Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006520111Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006520110Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006520109Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006520108Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006520107Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006520106Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006520105Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006520104Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006520103Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006520102Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006520101Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.338{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006520100Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006520099Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006520098Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006520097Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006520096Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006520095Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006520094Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006520093Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006520092Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006520091Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006520090Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006520089Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006520088Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006520087Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006520086Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006520085Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006520084Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006520083Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006520081Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006520080Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006520079Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006520078Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.323{4DF467A6-46F5-613A-96FB-00000000F001}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006520074Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.192{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dsparse.dll10.0.14393.0 (rs1_release.160715-1616)Active Directory Domain Services APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdsparse.dllMD5=E9B5EFC173FDD55C00B2F28B8BAC144B,SHA256=0CA602484CD0E2C67091FCD60091608BF746B1D05B353DB9805D1CAE0ED09D70trueMicrosoft WindowsValid 734700x80000000000000006520073Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.192{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006520072Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.192{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\certca.dll10.0.14393.3053 (rs1_release_inmarket.190612-1836)Microsoft® Active Directory Certificate Services CAMicrosoft® Windows® Operating SystemMicrosoft CorporationCertCaMD5=8F23364460E12C9A157F88B9B4A86F2E,SHA256=51B5550668D6420C5DA988FEF83564DD9B4E911866EF4FC80748C8B219789F23trueMicrosoft WindowsValid 734700x80000000000000006520071Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.192{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\CertEnroll.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft® Active Directory Certificate Services Enrollment ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationCertEnrollMD5=20ADB479CDAFBDFB60D8D6E0AD7D6588,SHA256=C1C86EE623A9BCA85CE4D6AD7DA9F75C18E62DA2341219FCF45A73FD0CF5123BtrueMicrosoft WindowsValid 734700x80000000000000006520062Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.092{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\fwbase.dll10.0.14393.0 (rs1_release.160715-1616)Firewall Base DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationfwbase.dllMD5=216C0DC7BEBD19C616A7BCE54F57F70C,SHA256=2305E780D161A736DB237727AC78EC1D2462793FD5013D126621B4BBBB16D743trueMicrosoft WindowsValid 734700x80000000000000006520061Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.092{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\biwinrt.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Background Broker InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationbiwinrt.dllMD5=1774BAC67716351387E5F11635DEED8D,SHA256=74F9B4190CFFADCE3ED3F61D4FD6A4F7CCC6EE0F42E3452D018E8160ECB3BE1FtrueMicrosoft WindowsValid 734700x80000000000000006520060Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.092{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\FirewallAPI.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Firewall APIMicrosoft® Windows® Operating SystemMicrosoft CorporationFirewallAPI.DLLMD5=C7DD193AFCCF63B97C559993608EDAF0,SHA256=26E7628E9C65352F730F38D7BF32A845CC1CAEEC034152B1CDE85F9B89D1A6DCtrueMicrosoft WindowsValid 734700x80000000000000006520059Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.092{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\Windows.Networking.HostName.dll10.0.14393.4169 (rs1_release.210107-1130)Windows.Networking.HostName DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Networking.HostName.dllMD5=8DF028D66876592B54CEF5631E727C2E,SHA256=C16C85F3D505EDE6F2566DF7140171F5AB4A71DDDEEDC653D846D3954AA8E99AtrueMicrosoft WindowsValid 734700x80000000000000006520058Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.092{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\Windows.Networking.dll10.0.14393.4169 (rs1_release.210107-1130)Windows.Networking DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Networking.dllMD5=79801C7A91F51A659B0BBA4E80FFFA6B,SHA256=A261D0F4572FAE532461712C90129E14682B09FA651742DBD856F28430586CA7trueMicrosoft WindowsValid 734700x80000000000000006520057Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.054{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1CtrueMicrosoft WindowsValid 734700x80000000000000006520056Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.054{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL10.0.17763.1 (WinBuild.160101.0800)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoft CorporationDBGHELP.DLLMD5=3AD4BA5FD42E006E38D60AC93FD882E1,SHA256=502593C125B3DCF31D4565FCA6CF49E75233E1D6F3A7DEF2E2E2431E2501D349trueMicrosoft CorporationValid 734700x80000000000000006520055Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.054{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87trueMicrosoft WindowsValid 734700x80000000000000006520054Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.054{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\v8jsi.dll0.63.1.8_5_210_20React Native V8 JSI AdapterReact Native V8 JSI AdapterMicrosoftv8jsi.dllMD5=A0BC9DBA90FC6D10B7618702FB67EC58,SHA256=2A6EBAA66D27F565E4008619D680DF1F2F13E77C2155F658B29F841B9D49AE51trueMicrosoft CorporationValid 734700x80000000000000006520053Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:05.054{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\react-native-win32.dll0.62.22React-Native-WindowsReact-Native-WindowsMicrosoftreact-native-win32.dllMD5=398277435FAC13143749320A60428DC8,SHA256=0576D3C166CF04F52BA9913A75FF14D77AF755D5285D7E7D64550BA432DBA932trueMicrosoft CorporationValid 734700x80000000000000006520315Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.926{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006520314Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.910{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006520313Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.910{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006520312Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.795{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006520311Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.795{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006520310Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.794{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006520308Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.794{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006520306Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.792{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006520305Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.792{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006520304Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.792{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006520303Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.786{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006520302Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.786{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006520301Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.783{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006520300Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.782{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006520299Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.782{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006520298Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.782{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006520297Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.782{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006520296Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.782{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006520295Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.781{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006520294Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.781{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006520293Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.781{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006520292Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.781{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006520291Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.781{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006520290Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.781{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006520289Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.781{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006520288Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.781{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006520287Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.780{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006520286Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.780{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006520285Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.780{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006520284Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.780{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006520283Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.780{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006520282Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.780{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006520281Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.779{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006520280Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.779{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006520279Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.779{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006520278Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.779{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006520277Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.778{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006520276Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.778{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006520275Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.778{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006520273Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.777{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006520272Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.776{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006520271Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.776{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006520270Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.776{4DF467A6-46F6-613A-98FB-00000000F001}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006520255Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.275{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006520254Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.275{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006520253Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.275{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006520250Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.154{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006520249Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.154{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006520248Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.154{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006520246Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.154{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006520244Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.154{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006520243Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.154{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006520242Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.154{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006520241Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.154{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006520240Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.154{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006520239Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.154{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006520238Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.154{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006520237Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006520236Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006520235Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006520234Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006520233Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006520232Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006520231Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006520230Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006520229Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006520228Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006520227Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006520226Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006520225Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006520224Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006520223Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006520222Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006520221Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006520220Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006520219Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006520218Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006520217Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006520216Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006520215Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006520214Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006520213Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006520212Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006520211Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006520210Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006520209Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006520203Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006520202Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006520201Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006520200Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.138{4DF467A6-46F6-613A-97FB-00000000F001}5956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006520196Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.076{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\CSS7DATA0009.DLL16.0.55555.10000Microsoft ENGLISH Natural Language Server Data and CodeNatural Language ComponentsMicrosoft Corporationcss7Data0009.dllMD5=7E61F72C2CC4AAC44084734CCD4B93CB,SHA256=2933C7FD5143F453C4C085BC7023CB5BC88DC73B5FDE60171930393C645215D8trueMicrosoft CorporationValid 734700x80000000000000006520195Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.076{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\mscss7en.dll16.0.55555.10000Natural Language Development Platform 7 - PRMNatural Language ComponentsMicrosoft Corporationmscss7en.dllMD5=9605B976D5B190DCA0A6A6F3D2ECAF2B,SHA256=AA7527AAAC1DAAE1D97EF0D1BE5CEA412C0653DD5AB0B9B631BD3F569EC7B56EtrueMicrosoft CorporationValid 734700x80000000000000006520193Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.074{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\PROOF\msspell7.dll16.0.55555.10000Natural Language Spelling ServiceNatural Language ComponentsMicrosoft Corporationmsspell7.dllMD5=7685BFAE020B898D319F2670D9E93CCB,SHA256=F4D8041B630477B282ECB822E5B7494DBBA67DCE1AC8F4CA293203E4410DD9DFtrueMicrosoft CorporationValid 734700x80000000000000006520191Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.038{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\PROOF\msgrammar8.dll16.0.55555.10000Grammar Proofing ServiceMicrosoft OfficeMicrosoft CorporationMSGrammar8.dllMD5=226E8BFDAE2E5157512CD97901C4B3A2,SHA256=D77B275C0502165DA334F8316B2406A2F0E8180CA1D62B774D53BBC6543EED4DtrueMicrosoft CorporationValid 734700x80000000000000006520189Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.038{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\OneCoreUAPCommonProxyStub.dll10.0.14393.3808 (rs1_release.200707-2105)OneCoreUAP Common Proxy StubMicrosoft® Windows® Operating SystemMicrosoft CorporationOneCoreUAPCommonProxyStub.dllMD5=9F8EF1431E82015CD1918582A770DB35,SHA256=FC2073DCE9AC41DBF338FAFE85F2429D6D3812573D2192C7A906C1D46E0AB4FAtrueMicrosoft WindowsValid 734700x80000000000000006520188Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.038{4DF467A6-4448-6132-F405-00000000F001}4352C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\OneCoreUAPCommonProxyStub.dll10.0.14393.3808 (rs1_release.200707-2105)OneCoreUAP Common Proxy StubMicrosoft® Windows® Operating SystemMicrosoft CorporationOneCoreUAPCommonProxyStub.dllMD5=9F8EF1431E82015CD1918582A770DB35,SHA256=FC2073DCE9AC41DBF338FAFE85F2429D6D3812573D2192C7A906C1D46E0AB4FAtrueMicrosoft WindowsValid 734700x80000000000000006520185Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.023{4DF467A6-4448-6132-F405-00000000F001}4352C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\MsSpellCheckingFacility.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Spell Checking FacilityMicrosoft® Windows® Operating SystemMicrosoft CorporationMsSpellCheckingFacility.dllMD5=C0079D2D05B1563423C2BF0AED09CE87,SHA256=B55921D0A70FC3F5097010F49C6342E47F30F6B6EB4475CC4F7683954A00836EtrueMicrosoft WindowsValid 734700x80000000000000006520184Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.023{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\MsSpellCheckingFacility.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Spell Checking FacilityMicrosoft® Windows® Operating SystemMicrosoft CorporationMsSpellCheckingFacility.dllMD5=C0079D2D05B1563423C2BF0AED09CE87,SHA256=B55921D0A70FC3F5097010F49C6342E47F30F6B6EB4475CC4F7683954A00836EtrueMicrosoft WindowsValid 734700x80000000000000006520177Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:06.007{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\msproof7.dll16.0.55555.10000Proofing ServicesNatural Language ComponentsMicrosoft CorporationMSProof7.dllMD5=0B5AE10DC8D082C28CD1F7C66DBF6063,SHA256=53075E69BF554B0560B3E0B5E726B4F34326DBD0967EE29DC84E1AF8778A51B8trueMicrosoft CorporationValid 734700x80000000000000006520325Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:07.409{4DF467A6-46DE-613A-8EFB-00000000F001}500C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\actxprxy.dll10.0.14393.3808 (rs1_release.200707-2105)ActiveX Interface Marshaling LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationActXPrxy.dllMD5=087C47C19BBFCB9F4932C03C0189E86B,SHA256=9BEE35FBFA2E595372D82E8858BE46CE7717E0399996960398BC238F4D0E5207trueMicrosoft WindowsValid 734700x80000000000000006520512Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.271{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006520511Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.271{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006520510Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.271{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36trueMicrosoft WindowsValid 734700x80000000000000006520509Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.271{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430DtrueMicrosoft WindowsValid 734700x80000000000000006520508Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.271{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\thumbcache.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Thumbnail CacheMicrosoft® Windows® Operating SystemMicrosoft Corporationthumbcache.dllMD5=C146766884A92B154F2EB38463F2263D,SHA256=48C5CC7760187EDB140A904D3AC5FD24F740973CDBA07962047859F84E7BEB9CtrueMicrosoft WindowsValid 734700x80000000000000006520505Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006520504Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValid 734700x80000000000000006520503Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006520502Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006520501Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006520500Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006520499Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006520497Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006520496Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006520495Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006520494Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006520493Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006520492Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006520491Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006520489Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006520488Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006520487Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006520486Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:18.255{4DF467A6-4702-613A-99FB-00000000F001}3140C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeMD5=DA63852A2B0340E94D74EAF0CD444979,SHA256=EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164EtrueMicrosoft WindowsValid 734700x80000000000000006520686Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:35.122{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006520685Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:35.122{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\taskschd.dll10.0.14393.4402 (rs1_release.210426-1725)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=76BF5CA81C749140E05C7519B13B299E,SHA256=D5CBDB2EEE67E582198F9DB213EC95DF9107F08D646E67FFA723066CC434B515trueMicrosoft WindowsValid 734700x80000000000000006520684Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:35.122{4DF467A6-46DF-613A-90FB-00000000F001}6032C:\Windows\System32\sppsvc.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006520742Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:40:42.804{4DF467A6-3F48-6132-1400-00000000F001}1056C:\Windows\System32\svchost.exeC:\Windows\System32\OnDemandConnRouteHelper.dll10.0.14393.4169 (rs1_release.210107-1130)On Demand Connctiond Route HelperMicrosoft® Windows® Operating SystemMicrosoft CorporationOnDemandConnRouteHelper.dllMD5=BAE78E97BEBB832376654560305922E3,SHA256=6A188DC4F1005E46CCA529E9C757D9B3B5F98E5587AFAA5E4200C7DD2AC73355trueMicrosoft WindowsValid