Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006495546Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006495545Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006495544Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006495543Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006495542Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006495541Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006495540Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006495539Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® 
Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006495538Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006495536Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006495535Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006495534Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006495533Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:03.184{4DF467A6-427F-613A-FBFA-00000000F001}7228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006495778Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.551{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006495777Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.551{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006495776Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:21:04.551{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006495774Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006495773Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006495772Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft 
Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006495770Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006495768Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006495767Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006495766Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006495765Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006495764Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006495763Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 
734700x80000000000000006495762Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006495761Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006495760Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006495759Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft 
CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006495758Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006495757Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006495756Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006495755Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006495754Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006495753Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006495752Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 
734700x80000000000000006495751Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006495750Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006495749Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006495748Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 
734700x80000000000000006495747Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006495746Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006495745Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006495744Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft 
Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006495743Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006495742Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006495741Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006495739Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:04.420{4DF467A6-4280-613A-FDFA-00000000F001}6920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® 
(rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006495802Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006495801Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006495800Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006495799Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006495798Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006495797Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006495796Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.103{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006495794Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.102{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006495793Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.102{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006495792Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.101{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006495791Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:05.101{4DF467A6-4281-613A-FEFA-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006495996Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:21:06.532{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006495995Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.532{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006495994Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.532{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006495992Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.401{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 
734700x80000000000000006495991Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.401{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006495990Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.401{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006495988Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.401{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006495986Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.401{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006495985Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.401{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006495984Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.401{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006495983Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.401{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006495978Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.396{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 
(rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006495957Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006495956Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006495955Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006495954Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006495953Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006495952Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006495951Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 
734700x80000000000000006495950Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006495949Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006495948Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006495947Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006495946Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006495945Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006495944Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006495943Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006495942Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006495941Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006495940Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006495939Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006495938Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006495937Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006495936Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006495935Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006495934Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006495933Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006495932Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006495931Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006495929Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006495927Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006495926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 
734700x80000000000000006495925Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006495921Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006495920Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006495919Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006495918Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:06.380{4DF467A6-4282-613A-00FB-00000000F001}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 734700x80000000000000006496096Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.247{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006496095Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.247{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006496094Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.247{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 
(rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006496086Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006496068Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006496067Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006496066Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006496063Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006496061Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006496060Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft 
WindowsValid 734700x80000000000000006496059Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006496056Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006496055Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006496054Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006496053Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006496052Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006496051Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006496050Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006496049Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006496048Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006496047Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006496046Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006496045Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006496044Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006496043Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006496042Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006496041Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006496040Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006496039Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006496038Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006496037Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006496036Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006496035Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006496034Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006496033Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006496032Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006496031Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 
734700x80000000000000006496030Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006496029Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006496027Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.100{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006496026Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.099{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006496025Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.099{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006496024Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:07.098{4DF467A6-4283-613A-01FB-00000000F001}7336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006496192Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:13.491{4DF467A6-4262-613A-FAFA-00000000F001}5052C:\Windows\System32\sppsvc.exeC:\Windows\System32\taskschd.dll10.0.14393.4402 (rs1_release.210426-1725)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=76BF5CA81C749140E05C7519B13B299E,SHA256=D5CBDB2EEE67E582198F9DB213EC95DF9107F08D646E67FFA723066CC434B515trueMicrosoft WindowsValid 734700x80000000000000006496154Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:13.491{4DF467A6-4262-613A-FAFA-00000000F001}5052C:\Windows\System32\sppsvc.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating 
SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006496152Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:21:13.486{4DF467A6-4262-613A-FAFA-00000000F001}5052C:\Windows\System32\sppsvc.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006496900Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.620{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006496899Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.620{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006496898Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.620{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 
(rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006496896Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.498{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006496895Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.498{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006496894Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.498{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006496892Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:22:02.498{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006496890Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.498{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006496889Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.498{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006496888Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:02.498{4DF467A6-42BA-613A-02FB-00000000F001}5832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 
17:22:03.266{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006496963Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.266{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006496962Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.266{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006496959Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 
734700x80000000000000006496958Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006496957Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006496955Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006496953Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006496952Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006496951Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006496950Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006496949Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program 
Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006496948Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006496947Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006496946Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 
734700x80000000000000006496945Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006496944Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006496943Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006496942Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006496941Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006496940Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006496939Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006496938Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 
(rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006496937Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006496936Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006496935Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006496934Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program 
Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006496933Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006496932Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.135{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006496931Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006496930Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup 
APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006496929Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006496928Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006496927Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006496926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006496925Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006496924Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006496923Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006496921Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006496920Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006496919Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006496918Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:03.119{4DF467A6-42BB-613A-03FB-00000000F001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006497092Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:22:04.648{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006497090Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.648{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006497089Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.648{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006497086Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 
734700x80000000000000006497085Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006497084Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006497082Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006497080Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:04.517{4DF467A6-42BC-613A-05FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006497146Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.212{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006497144Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.211{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006497143Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.211{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006497142Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.210{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 
(rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006497141Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.210{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006497140Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006497139Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006497138Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006497137Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006497136Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006497135Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006497134Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006497133Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006497132Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006497131Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006497130Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006497129Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006497128Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006497127Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006497126Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT 
DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006497125Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006497124Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006497123Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006497122Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006497121Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006497120Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006497119Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 
734700x80000000000000006497118Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006497117Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006497116Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006497115Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006497114Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006497113Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006497111Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006497110Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 
(rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006497109Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006497108Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:05.194{4DF467A6-42BD-613A-06FB-00000000F001}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006497277Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.729{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006497276Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.729{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006497275Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.729{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006497273Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.611{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006497272Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.611{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 
734700x80000000000000006497271Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.610{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006497269Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.610{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006497267Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.608{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006497266Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.608{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006497265Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.608{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006497264Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006497263Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006497262Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:22:06.592{4DF467A6-42BE-613A-08FB-00000000F001}7964C:\Program 
17:23:02.494{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006498322Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006498321Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006498320Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft 
WindowsValid 734700x80000000000000006498318Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006498316Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006498315Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006498314Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006498313Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006498312Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006498311Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006498310Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006498309Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006498308Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006498307Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 
734700x80000000000000006498306Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006498305Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006498304Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006498303Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006498302Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006498301Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006498300Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006498299Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 
(rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006498298Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006498297Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006498296Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.363{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006498295Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program 
Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006498294Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006498293Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006498292Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006498291Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe 
OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006498290Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006498289Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006498288Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006498287Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 
librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006498286Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006498284Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006498283Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006498282Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006498281Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:02.348{4DF467A6-42F6-613A-09FB-00000000F001}6544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006498460Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.709{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006498458Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.709{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006498457Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.709{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006498456Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.593{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006498455Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.593{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006498454Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.593{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 
734700x80000000000000006498452Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.593{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006498450Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.593{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006498449Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.593{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006498448Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:03.578{4DF467A6-42F7-613A-0BFB-00000000F001}6808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft 
SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006498523Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.376{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006498520Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.261{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006498519Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.261{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006498518Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.261{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 
(rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006498516Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006498514Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006498513Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006498512Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006498511Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006498510Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006498509Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 
734700x80000000000000006498508Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006498507Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006498506Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006498505Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006498504Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006498503Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006498502Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006498501Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, 
http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006498500Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006498499Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006498498Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006498497Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006498496Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006498495Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006498494Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006498493Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006498492Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006498491Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006498490Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 
734700x80000000000000006498489Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006498488Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006498487Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006498486Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006498485Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006498484Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006498483Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006498481Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.245{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API 
Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006498480Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.230{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006498479Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.230{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006498478Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:04.230{4DF467A6-42F8-613A-0CFB-00000000F001}7364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006498652Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.675{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006498650Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.659{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006498649Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.659{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006498647Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 
734700x80000000000000006498646Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006498645Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006498643Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006498641Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:23:05.528{4DF467A6-42F9-613A-0EFB-00000000F001}6404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft 
(debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006499360Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.479{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006499359Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006499358Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006499357Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006499355Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006499353Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006499352Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006499351Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006499350Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006499349Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006499348Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006499347Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006499346Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006499345Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 
734700x80000000000000006499344Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006499343Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006499342Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006499341Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006499340Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006499339Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006499338Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006499337Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program 
Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006499336Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006499335Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006499334Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006499333Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006499332Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006499331Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006499330Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006499329Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program 
Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006499328Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.348{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006499327Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.347{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006499326Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.347{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006499325Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.347{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006499324Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.347{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006499323Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.347{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006499322Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.347{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006499320Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:24:02.345{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006499319Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.345{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006499318Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.345{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006499317Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:02.344{4DF467A6-4332-613A-10FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK 
providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006499498Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.861{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006499496Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.861{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006499495Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.861{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006499494Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.744{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 
(rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006499493Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.743{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006499492Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.743{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006499490Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.742{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006499488Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:24:03.741{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006499487Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.740{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006499486Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.740{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006499485Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.740{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft 
WindowsValid 734700x80000000000000006499484Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006499483Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006499482Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006499481Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating 
SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006499480Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006499479Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006499478Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006499477Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006499476Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006499475Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006499474Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006499473Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006499472Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006499471Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006499470Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 
734700x80000000000000006499469Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006499468Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006499467Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006499466Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 
734700x80000000000000006499465Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006499464Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006499463Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006499462Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006499461Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006499460Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006499459Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006499458Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft 
Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006499456Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006499455Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006499454Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006499453Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.724{4DF467A6-4333-613A-12FB-00000000F001}6220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006499431Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.178{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006499429Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.178{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006499428Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.178{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006499426Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006499425Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006499424Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006499422Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 
734700x80000000000000006499420Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006499419Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006499418Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006499417Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006499416Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006499415Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006499414Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006499413Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006499412Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006499411Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006499410Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 
734700x80000000000000006499409Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006499408Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006499407Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006499406Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006499405Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006499404Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006499403Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006499402Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program 
Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006499401Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.047{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006499400Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.046{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006499399Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.046{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006499398Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.046{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe 
OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006499397Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.046{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006499396Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.046{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006499395Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.046{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006499394Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.045{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT 
DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006499393Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.045{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006499392Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.045{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006499391Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.045{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006499390Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.045{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft 
Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006499388Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.044{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006499387Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.043{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006499386Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.043{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006499385Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:03.043{4DF467A6-4333-613A-11FB-00000000F001}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006499689Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006499688Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006499687Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36trueMicrosoft WindowsValid 734700x80000000000000006499686Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft 
CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430DtrueMicrosoft WindowsValid 734700x80000000000000006499685Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\thumbcache.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Thumbnail CacheMicrosoft® Windows® Operating SystemMicrosoft Corporationthumbcache.dllMD5=C146766884A92B154F2EB38463F2263D,SHA256=48C5CC7760187EDB140A904D3AC5FD24F740973CDBA07962047859F84E7BEB9CtrueMicrosoft WindowsValid 734700x80000000000000006499682Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006499681Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValid 734700x80000000000000006499680Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006499679Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006499678Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006499677Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006499676Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft 
Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006499674Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006499673Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006499672Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006499671Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006499670Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006499669Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006499668Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006499666Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006499665Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006499664Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006499663Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.676{4DF467A6-4334-613A-14FB-00000000F001}6920C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeMD5=DA63852A2B0340E94D74EAF0CD444979,SHA256=EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164EtrueMicrosoft WindowsValid 734700x80000000000000006499655Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.523{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating 
SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006499654Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.523{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006499652Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006499651Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006499650Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 
(rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006499648Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006499646Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006499645Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006499644Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006499643Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006499642Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.392{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006499641Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 
734700x80000000000000006499640Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006499639Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006499638Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006499637Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006499636Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006499635Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006499634Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006499633Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, 
http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006499632Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006499631Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006499630Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006499629Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006499628Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006499627Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006499626Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006499625Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006499624Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006499623Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006499622Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:04.376{4DF467A6-4334-613A-13FB-00000000F001}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 
17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006499739Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006499738Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006499737Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft 
WindowsValid 734700x80000000000000006499736Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006499735Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006499734Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006499733Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006499732Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006499731Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006499730Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006499729Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006499728Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006499727Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006499726Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006499725Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006499724Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006499723Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006499721Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006499720Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006499719Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006499718Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:05.076{4DF467A6-4335-613A-15FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006499929Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.505{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006499928Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.505{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core 
Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006499927Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.505{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006499926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.389{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006499925Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.389{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006499924Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.389{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006499922Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.389{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006499920Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006499919Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 
734700x80000000000000006499918Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006499917Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006499916Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006499915Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006499914Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006499913Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006499912Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006499911Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006499910Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006499909Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006499908Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006499907Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006499906Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006499905Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006499904Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006499903Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006499902Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006499901Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006499900Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:06.374{4DF467A6-4336-613A-17FB-00000000F001}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006499899Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
Windows® Operating SystemMicrosoft Corporationslc.dllMD5=060E11DCB875D981E948073986E295DC,SHA256=30858EA58F24537CC3369091F92AD70C59877BDB1FDF8DEC7762A7AB72DDE885trueMicrosoft WindowsValid 734700x80000000000000006500970Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.968{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dxgi.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)DirectX Graphics InfrastructureMicrosoft® Windows® Operating SystemMicrosoft Corporationdxgi.dllMD5=3C32D763740C83DB2C44DEA4B6F18C54,SHA256=ED26DBB9C3656767CA25887CDC3B45CF978AFC75E064FF5457A36C7A69E55223trueMicrosoft WindowsValid 734700x80000000000000006500944Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.968{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ResourcePolicyClient.dll10.0.14393.3808 (rs1_release.200707-2105)Resource Policy ClientMicrosoft® Windows® Operating SystemMicrosoft CorporationResourcePolicyClient.dllMD5=8FD5FEFE4E020BBC2D95F07BCDC84F71,SHA256=E5E351822CCDEBF81C47C4CA1D5C158E2880C1BD29CA024D163FD9316F3046AEtrueMicrosoft WindowsValid 734700x80000000000000006500940Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.968{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\winsta.dll10.0.14393.0 (rs1_release.160715-1616)Winstation LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationwinsta.dllMD5=12668CEFEE3754CFA61C5699821668B3,SHA256=D0C81619EDE8B846D98417989684EF16DF3A053CC049C7281E40F3359AD5B570trueMicrosoft WindowsValid 734700x80000000000000006500937Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.968{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft 
Office\root\Office16\WINWORD.EXEC:\Windows\System32\msctf.dll10.0.14393.4530 (rs1_release.210705-0736)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=E2374A214A9F0C8347C29EBDE3447986,SHA256=F2260FE7E0C4E92D49CF0F550E2A1B3D3F1D2D76E6F5C8F16B0E16B6117D9EE1trueMicrosoft WindowsValid 734700x80000000000000006500934Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.968{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006500933Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.953{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\d2d1.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft D2D LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationd2d1MD5=E15A420D82314AF63973D7D0AB3BA2DD,SHA256=C264B2FA1F3E67E558E2671807C06270926EF456F4FF83F1F9859B18184F187EtrueMicrosoft WindowsValid 734700x80000000000000006500929Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.953{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msi.dll5.0.14393.4530Windows InstallerWindows Installer - UnicodeMicrosoft Corporationmsi.dllMD5=4479EEB5C5400D4C084274BA015750FA,SHA256=6B30AE7147132038E603EEB2D35C35BB3D03EC5AFA560D31969E2D39A44ACDCDtrueMicrosoft WindowsValid 734700x80000000000000006500926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.937{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft 
Office\root\Office16\WINWORD.EXEC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5trueMicrosoft WindowsValid 734700x80000000000000006500924Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.921{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO.DLL16.0.13801.20796Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMSO.dllMD5=DEAB06C2DDF8959448455176D2A1754E,SHA256=49708B1D39D76B2E9F096B95BCB30B6601D3B5C8E1D84830740EC25FE8F38F39trueMicrosoft CorporationValid 734700x80000000000000006500923Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.921{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wtsapi32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Remote Desktop Session Host Server SDK APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationwtsapi32.dllMD5=D0DB3DD09FB2B4ADABF4E719FAFC4EB9,SHA256=8B7C056B5F4AB604ED5077A39C63CE1B5A34929DE76DA4A3C54D6E648D123BABtrueMicrosoft WindowsValid 734700x80000000000000006500922Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.921{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36trueMicrosoft WindowsValid 
734700x80000000000000006500921Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.921{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso98win32client.dll16.0.13801.20808Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMso98Win32Client.dllMD5=58F3352E3A0867817F759EA7940F2E10,SHA256=86AFDD63CFCA5B03D5265A2828F073CA401FE00B555B40AD9A0F7A193E200315trueMicrosoft CorporationValid 734700x80000000000000006500914Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wevtapi.dll10.0.14393.3053 (rs1_release_inmarket.190612-1836)Eventing Consumption and Configuration APIMicrosoft® Windows® Operating SystemMicrosoft Corporationwevtapi.dllMD5=E0D1C6AC18800339A2EC1134A7C899ED,SHA256=E4340ACB47A202B1BFCE678C44BA5B0B171E388021B0B7D0CED19A55AD9712E1trueMicrosoft WindowsValid 734700x80000000000000006500910Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.918{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso50win32client.dll16.0.13801.20442Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMso50Win32Client.dllMD5=AF5E26C38079AF31CCAA732B6A351A0D,SHA256=C0BBDC787DCD21EF78B89B6C18C81A1ECC8F5B4D3C4E2F412525FD70039E667DtrueMicrosoft CorporationValid 734700x80000000000000006500895Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.915{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft 
Shared\OFFICE16\Mso40UIwin32client.dll16.0.13801.20840Microsoft Office componentMicrosoft OfficeMicrosoft Corporationmso40uiWin32Client.dllMD5=42CCB21CAB1B66AA9C7FF859A4BED97B,SHA256=76EFA67F0B7EA66DEAB42DB051DBCBA4B05EC04032B1D8AAE5E7761D7C6CA24FtrueMicrosoft CorporationValid 734700x80000000000000006500893Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso30win32client.dll16.0.13801.20840Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMso30Win32Client.dllMD5=F4FDCEA65C429F01EEC45163F005B5E3,SHA256=F3FF96E7EBF9E4BB43170456395F09C1DAB832B1F66EBFAFF5EF54344DB929D5trueMicrosoft CorporationValid 734700x80000000000000006500892Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ntasn1.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft ASN.1 APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntasn1.dllMD5=A45B23E8D2623CE3F760377766AF3E24,SHA256=E0A8F5055CD9E2AF029B8537E09EFFAF1F46C724CB720A6395DCF563EF70B843trueMicrosoft WindowsValid 734700x80000000000000006500881Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006500871Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ncrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows NCrypt RouterMicrosoft® Windows® Operating SystemMicrosoft Corporationncrypt.dllMD5=025DBE9D0F7AE719C64DE3A4555A7C0A,SHA256=1A223828A444E7797A9E00632DAE81AC3AC68B38786E67912B1C3FC6118FB6B4trueMicrosoft WindowsValid 734700x80000000000000006500866Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006500865Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\RstrtMgr.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Restart ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationRstrtMgr.dllMD5=F14EA4521A8C000F1165581B5837355E,SHA256=6CB383C1FFB8AB7301B1666EEA83FD484EA049147C834725894652DB20D28359trueMicrosoft WindowsValid 734700x80000000000000006500863Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242trueMicrosoft WindowsValid 
734700x80000000000000006500862Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.900{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FAtrueMicrosoft WindowsValid 734700x80000000000000006500861Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.884{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cryptui.dll10.0.14393.3321 (rs1_release.191016-1811)Microsoft Trust UI ProviderMicrosoft® Windows® Operating SystemMicrosoft CorporationCRYPTUI.DLLMD5=7BA8C29986BA103E2353D405DCCB87D7,SHA256=E9FFD440B5318D65AC2A38125CC417C8F34C6344CA8D9251A8ABE74D14C518B8trueMicrosoft WindowsValid 734700x80000000000000006500860Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.884{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso20win32client.dll16.0.13801.20840Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMso20Win32Client.dllMD5=33E67D19ED73BD77FAB770F3677363E0,SHA256=3A7198AC7F995AE9FCA91372AFC3719C04417D638EE37EAA3162DE0A99F0F6B9trueMicrosoft CorporationValid 734700x80000000000000006500859Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.884{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls 
LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5trueMicrosoft WindowsValid 734700x80000000000000006500858Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.884{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.4530_none_aec97a71ddd5fa56\GdiPlus.dll10.0.14393.4530 (rs1_release.210705-0736)Microsoft GDI+Microsoft® Windows® Operating SystemMicrosoft CorporationgdiplusMD5=D1F325FD8BA2F0AA9F853CB05DBDE6F6,SHA256=ED1FDCE716A2D5E0703DEBAE0E272BAA49C750B31773E9C0ADFCF5F9758F9350trueMicrosoft WindowsValid 734700x80000000000000006500857Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.884{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\OART.DLL16.0.13801.20688Microsoft OfficeArtMicrosoft OfficeMicrosoft CorporationOART.DLLMD5=A4816E74F5F4F3A1D9B6637EB47C8B23,SHA256=9447582F286D97A4707BB8A6847398637D742E5ED653804EE94E495E3E3BF339trueMicrosoft CorporationValid 734700x80000000000000006500856Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.884{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\WWLIB.DLL16.0.13801.20854Microsoft WordMicrosoft OfficeMicrosoft Corporationwwlib.dllMD5=88AD4C5ED7EE51A82DDB8DF471E749B6,SHA256=E21BE93D40924965E74C6D1619F3C9AEE1FE09F535C8260B61387984DF55BC2DtrueMicrosoft CorporationValid 734700x80000000000000006500804Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.853{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft 
Office\root\Office16\WINWORD.EXEC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValid 734700x80000000000000006500803Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=E0F286AF345442E267C33880492CED31,SHA256=5C6D66F5A748551999BE1CDE33A3A1FC2E10D1297EF275D232A9FDCC95BEA84BtrueMicrosoft WindowsValid 734700x80000000000000006500802Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899trueMicrosoft WindowsValid 734700x80000000000000006500801Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430DtrueMicrosoft WindowsValid 734700x80000000000000006500800Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006500799Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CAtrueMicrosoft WindowsValid 734700x80000000000000006500798Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575trueMicrosoft WindowsValid 734700x80000000000000006500797Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\windows.storage.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=1D7997E3AFC26B85024D33F835E18056,SHA256=B2376967E156D4971FB66059F6367030AF937943D2EBF80AF856E643B6E95BBFtrueMicrosoft 
WindowsValid 734700x80000000000000006500796Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704trueMicrosoft WindowsValid 734700x80000000000000006500795Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006500794Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\shell32.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=837B8644B9CE47EC28152E7D764886E0,SHA256=C5BA64473FB38E6B4592EAFA642AF82715CBC676190985D8D8D4150CE840044FtrueMicrosoft WindowsValid 734700x80000000000000006500793Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006500792Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006500791Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006500790Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\msvcp140.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=F60E0D8C88242FE8CA38A8562685F231,SHA256=254F5CDE2DEF2BF3941F746E4902A36F5169BF73AE9E258E49BC1FEF7B26EC99trueMicrosoft CorporationValid 734700x80000000000000006500789Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft 
Office\root\Office16\WINWORD.EXEC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006500788Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006500785Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\vcruntime140.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=766F0D18983E0810882FBA122AD1163E,SHA256=F10EF6DE6C651DB42DBD455A1C674047862CEBF6CCCE1F784CDB0571C9EA9757trueMicrosoft CorporationValid 734700x80000000000000006500781Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006500780Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006500779Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\vcruntime140_1.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=74B5641A50C27B57ED0DA622E66A239E,SHA256=A571D26E536D4F7DA93ACC24EDB1D823140B660795576DC27F626F1889106D36trueMicrosoft CorporationValid 734700x80000000000000006500778Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006500777Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft 
WindowsValid 734700x80000000000000006500776Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll16.0.13801.20634Microsoft Office componentMicrosoft OfficeMicrosoft Corporationc2r64.dllMD5=89F83DB0358154696068C1A1A2C48B76,SHA256=97A0AC1E7CF73E000BC13BF560BA088C79797604E5E64F21B6DB843CD16742FFtrueMicrosoft CorporationValid 734700x80000000000000006500774Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006500773Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006500772Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll10.0.19041.1074 (WinBuild.160101.0800)Client Virtualization SubsystemsMicrosoft® Windows® Operating SystemMicrosoft 
CorporationAppVISVSubsystems64.dllMD5=90B77DF9501D41C1FC3B9B08BF739CBD,SHA256=B767361DEEBE62459AD8D6124C9E94B0A20F09EA1C53F6111B7B71252B703A04trueMicrosoft CorporationValid 734700x80000000000000006500771Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006500769Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006500764Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006500763Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft 
Office\root\Office16\WINWORD.EXEC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006500757Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006500756Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE16.0.13801.20864Microsoft WordMicrosoft OfficeMicrosoft CorporationWinWord.exeMD5=11F7D49A44E922C3BB0B426211F44E66,SHA256=025784F40F20654C264D060B1BA77066CF04BC56F6F2324E56372704FC4EC499trueMicrosoft CorporationValid 734700x80000000000000006500749Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.837{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vcruntime140_1.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140_1.dllMD5=74B5641A50C27B57ED0DA622E66A239E,SHA256=A571D26E536D4F7DA93ACC24EDB1D823140B660795576DC27F626F1889106D36trueMicrosoft CorporationValid 734700x80000000000000006500748Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:24:23.837{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp140.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationmsvcp140.dllMD5=F60E0D8C88242FE8CA38A8562685F231,SHA256=254F5CDE2DEF2BF3941F746E4902A36F5169BF73AE9E258E49BC1FEF7B26EC99trueMicrosoft CorporationValid 734700x80000000000000006500747Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.822{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vcruntime140.dll14.27.29114.0 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio®Microsoft Corporationvcruntime140.dllMD5=766F0D18983E0810882FBA122AD1163E,SHA256=F10EF6DE6C651DB42DBD455A1C674047862CEBF6CCCE1F784CDB0571C9EA9757trueMicrosoft CorporationValid 734700x80000000000000006500746Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:23.822{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll16.0.13801.20442Microsoft Office Shell Extension HandlersMicrosoft OfficeMicrosoft Corporationmsoshext.dllMD5=08AB004F0278B5B461F732D7740A5874,SHA256=A8C1819BFD9FAD66B3360E7757F63A18E1C7D961217B01DBD7C0764217D4027CtrueMicrosoft CorporationValid 734700x80000000000000006501873Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.983{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\biwinrt.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Background Broker InfrastructureMicrosoft® Windows® Operating SystemMicrosoft 
Corporationbiwinrt.dllMD5=1774BAC67716351387E5F11635DEED8D,SHA256=74F9B4190CFFADCE3ED3F61D4FD6A4F7CCC6EE0F42E3452D018E8160ECB3BE1FtrueMicrosoft WindowsValid 734700x80000000000000006501847Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.983{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\fwbase.dll10.0.14393.0 (rs1_release.160715-1616)Firewall Base DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationfwbase.dllMD5=216C0DC7BEBD19C616A7BCE54F57F70C,SHA256=2305E780D161A736DB237727AC78EC1D2462793FD5013D126621B4BBBB16D743trueMicrosoft WindowsValid 734700x80000000000000006501844Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.983{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\FirewallAPI.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Firewall APIMicrosoft® Windows® Operating SystemMicrosoft CorporationFirewallAPI.DLLMD5=C7DD193AFCCF63B97C559993608EDAF0,SHA256=26E7628E9C65352F730F38D7BF32A845CC1CAEEC034152B1CDE85F9B89D1A6DCtrueMicrosoft WindowsValid 734700x80000000000000006501841Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.983{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\Windows.Networking.HostName.dll10.0.14393.4169 (rs1_release.210107-1130)Windows.Networking.HostName DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Networking.HostName.dllMD5=8DF028D66876592B54CEF5631E727C2E,SHA256=C16C85F3D505EDE6F2566DF7140171F5AB4A71DDDEEDC653D846D3954AA8E99AtrueMicrosoft WindowsValid 734700x80000000000000006501839Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.983{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft 
Office\root\Office16\WINWORD.EXEC:\Windows\System32\Windows.Networking.Connectivity.dll10.0.14393.4169 (rs1_release.210107-1130)Windows Networking Connectivity Runtime DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Networking.Connectivity.dllMD5=7934F613774F04B5BFD097B3D77F81FB,SHA256=E1A32AADFED0859269C89D4E1C961D3BC8EA2A5FA86487C9817BB52899E0F60EtrueMicrosoft WindowsValid 734700x80000000000000006501836Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.983{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\Windows.Networking.dll10.0.14393.4169 (rs1_release.210107-1130)Windows.Networking DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Networking.dllMD5=79801C7A91F51A659B0BBA4E80FFFA6B,SHA256=A261D0F4572FAE532461712C90129E14682B09FA651742DBD856F28430586CA7trueMicrosoft WindowsValid 734700x80000000000000006501827Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.936{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\winmmbase.dll10.0.14393.0 (rs1_release.160715-1616)Base Multimedia Extension API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMMbase.DLLMD5=24C1E8F8C10471C5A6F0E8AF141211EB,SHA256=75ECAE23C920D81614BA5C0648377C2FC04C7379FD6A388C244A81F50AAB7B1CtrueMicrosoft WindowsValid 734700x80000000000000006501803Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.936{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\winmm.dll10.0.14393.0 (rs1_release.160715-1616)MCI API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWINMM.DLLMD5=F16410F5D557337B05CF4F93691EC106,SHA256=2B5BC3C0A6514356C6719298FC25D8D192A2C973EE3283EF48379D2745C9BD87trueMicrosoft WindowsValid 
734700x80000000000000006501778Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.936{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL10.0.17763.1 (WinBuild.160101.0800)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoft CorporationDBGHELP.DLLMD5=3AD4BA5FD42E006E38D60AC93FD882E1,SHA256=502593C125B3DCF31D4565FCA6CF49E75233E1D6F3A7DEF2E2E2431E2501D349trueMicrosoft CorporationValid 734700x80000000000000006501776Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.936{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\v8jsi.dll0.63.1.8_5_210_20React Native V8 JSI AdapterReact Native V8 JSI AdapterMicrosoftv8jsi.dllMD5=A0BC9DBA90FC6D10B7618702FB67EC58,SHA256=2A6EBAA66D27F565E4008619D680DF1F2F13E77C2155F658B29F841B9D49AE51trueMicrosoft CorporationValid 734700x80000000000000006501774Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.936{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\react-native-win32.dll0.62.22React-Native-WindowsReact-Native-WindowsMicrosoftreact-native-win32.dllMD5=398277435FAC13143749320A60428DC8,SHA256=0576D3C166CF04F52BA9913A75FF14D77AF755D5285D7E7D64550BA432DBA932trueMicrosoft CorporationValid 734700x80000000000000006501745Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.883{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006501742Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.883{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006501741Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.883{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006501736Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006501735Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft 
CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006501734Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242trueMicrosoft WindowsValid 734700x80000000000000006501733Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006501732Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006501731Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006501730Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006501729Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\webservices.dll10.0.14393.2312 (rs1_release.180607-1919)Windows Web Services RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationWebServices.dllMD5=3EE43755685D59060FAC0E2F09D67686,SHA256=BF80D9B840C28BC4E8FE9A4E6DBCCCAEE37A108F83428ABA1DD780D5312369D8trueMicrosoft WindowsValid 734700x80000000000000006501727Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006501725Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006501724Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FAtrueMicrosoft WindowsValid 734700x80000000000000006501723Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006501722Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006501721Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft 
Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006501719Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006501718Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\xmllite.dll10.0.14393.3143 (rs1_release.190725-1725)Microsoft XmlLite LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationXmlLite.dllMD5=64E301CCFADF34810ADA8DE9DBC7720F,SHA256=6EAE1E0E610793C7DF2B27795553F377D2C4126CF74D8EE4A84DE3C3150871F8trueMicrosoft WindowsValid 734700x80000000000000006501716Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006501715Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft 
CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006501714Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\cryptxml.dll10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)XML DigSig APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptxml.dllMD5=2D8B5120841F9D57D81B417B8033051F,SHA256=10896E3FBB656A1FD76CB636510A8501B12068C653BC27FAA4DD8DC89ED7AE4AtrueMicrosoft WindowsValid 734700x80000000000000006501712Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006501710Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006501709Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft 
CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006501708Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006501707Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.867{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006501702Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.852{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006501700Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.852{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006501699Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.852{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006501697Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.852{4DF467A6-4348-613A-1BFB-00000000F001}5580C:\Windows\System32\sppsvc.exeC:\Windows\System32\sppsvc.exe10.0.14393.4530 (rs1_release.210705-0736)Microsoft Software Protection Platform ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationsppsvc.exeMD5=280B8B6A6CD8A833284EA11425EE5396,SHA256=FD9A147C6649AC20CBC7C74DC431866468D2E4183ED7B876F7E336382DCC6A40trueMicrosoft WindowsValid 734700x80000000000000006501688Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.820{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\D3DCompiler_47.dll10.0.14393.3930 (rs1_release.200901-1914)Direct3D HLSL CompilerMicrosoft® Windows® Operating SystemMicrosoft Corporationd3dcompiler_47.dllMD5=6C441F5AD6724D68B27D9928C6C1170D,SHA256=EEA0AE3BDCEF59AF62F471E90C489044B8DB55BFF6377231E002A70AB1F8CF73trueMicrosoft WindowsValid 734700x80000000000000006501676Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.652{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\globinputhost.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows Globalization 
Extension API for InputMicrosoft® Windows® Operating SystemMicrosoft Corporationglobinputhost.dllMD5=B92070EB12AF4C292155EBB155A0B6C3,SHA256=F155CFD56DC7199F16377259C55C0E8A26662A81588264F01D0E1F1387721DDCtrueMicrosoft WindowsValid 734700x80000000000000006501673Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.652{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\BCP47Langs.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)BCP47 Language ClassesMicrosoft® Windows® Operating SystemMicrosoft CorporationBCP47Lang.dllMD5=F688C2B9DD2EB56C3B0312B6380338AA,SHA256=B22DB210486D3B5F4EEB17900C5E7AA0EEFEDBB068A0C4858EFE9F8018C34628trueMicrosoft WindowsValid 734700x80000000000000006501672Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.652{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\Windows.Globalization.dll10.0.14393.4467 (rs1_release.210604-1844)Windows GlobalizationMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Globalization.dllMD5=4D2537567A93ABF1D93CB7A7E76F954C,SHA256=5740181B56927C0DC66A6BCECA15EA2806A0ED471A01F785AD47C8C73A1DF85FtrueMicrosoft WindowsValid 734700x80000000000000006501647Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.568{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\edputil.dll10.0.14393.2608 (rs1_release.181024-1742)EDP utilMicrosoft® Windows® Operating SystemMicrosoft CorporationEDPUTIL.DLLMD5=75AC86B00CE4C64B02B105A55CA35628,SHA256=DB31A2345E3BB8DC79BFB4CC29615E3B8B7638AE80BFEC45FA57852669A592AEtrueMicrosoft WindowsValid 734700x80000000000000006501646Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.568{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft 
CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006501261Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006501258Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006501257Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.100{4DF467A6-4348-613A-1AFB-00000000F001}5072C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\WmiPrvSE.exe10.0.14393.2155 (rs1_release_1.180305-1842)WMI Provider HostMicrosoft® Windows® Operating SystemMicrosoft CorporationWmiprvse.exeMD5=E1BCE838CD2695999AB34215BF94B501,SHA256=1D7B11C9DEDDAD4F77E5B7F01DDDDA04F3747E512E0AA23D39E4226854D26CA2trueMicrosoft WindowsValid 734700x80000000000000006501249Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\urlmon.dll11.00.14393.4530 (rs1_release.210705-0736)OLE32 Extensions for Win32Internet ExplorerMicrosoft 
CorporationUrlMon.dllMD5=B63DBDFEC215CF37259DC4A88ADBD0E7,SHA256=67B02F3DE0AF36E76C2D259CE7833EDA4FE33D935538E8A4C1E7E82130870FC1trueMicrosoft WindowsValid 734700x80000000000000006501206Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006501187Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.068{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\rasadhlp.dll10.0.14393.0 (rs1_release.160715-1616)Remote Access AutoDial HelperMicrosoft® Windows® Operating SystemMicrosoft Corporationrasadhlp.dllMD5=FAE8D0480BDD905EEA453D3A57C8D5C6,SHA256=C1531223B8201B344A6A6474CB2D9B8A8C632250A3A6F472EC5E2D7D28ADD94CtrueMicrosoft WindowsValid 734700x80000000000000006501177Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\npmproxy.dll10.0.14393.4169 (rs1_release.210107-1130)Network List Manager ProxyMicrosoft® Windows® Operating SystemMicrosoft Corporationnpfproxy.dllMD5=4D76C6FAF3D01B31A68C9ABF95F4B7D4,SHA256=9B771613C067880E99ED3D68E6C2A43C6B252E899D44682ADEB5A7F02E925920trueMicrosoft WindowsValid 734700x80000000000000006501173Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.053{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\webio.dll10.0.14393.3866 
(rs1_release.200805-1327)Web Transfer Protocols APIMicrosoft® Windows® Operating SystemMicrosoft Corporationwebio.dllMD5=0CE65DF03820B5523EFE7D20258E6F0A,SHA256=9224732E1A7761866BB479C91A02C561F77B203EB20914F4ED0AF8FE320E8FF6trueMicrosoft WindowsValid 734700x80000000000000006501156Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.053{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006501138Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.020{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\netprofm.dll10.0.14393.4169 (rs1_release.210107-1130)Network List ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationnetprofm.dllMD5=02AD37C3C2D54BCD9E7BD2AFF3D6E7A6,SHA256=D71D631EC1790A9BD9451EFAEFC7EBADE6353A17CDBB4D8AAACD3102430A686EtrueMicrosoft WindowsValid 734700x80000000000000006501130Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.053{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSPTLS.DLL16.0.13801.20178Microsoft Office componentMicrosoft OfficeMicrosoft Corporationmsptls.dllMD5=53C631125C4AB3BFA9F7DB70B4B02EFA,SHA256=4F0593A374FE614EBBFAB37A9C39515D695ABA2EF3ADDD72BD912A83426789FEtrueMicrosoft CorporationValid 734700x80000000000000006501124Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.053{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program 
Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wininet.dll11.00.14393.4583 (rs1_release.210730-1850)Internet Extensions for Win32Internet ExplorerMicrosoft Corporationwininet.dllMD5=524876363DA8F469C13E0818256B6131,SHA256=DAA85FEAB4553D9A203A85A58C8CB26A2784E0D33226B41AAE98471DAE75C035trueMicrosoft WindowsValid 734700x80000000000000006501120Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.053{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\sppc.dll10.0.14393.67 (rs1_release.160804-2231)Software Licensing Client DllMicrosoft® Windows® Operating SystemMicrosoft Corporationsppc.dllMD5=7CF84329545035CC0833119C7268A620,SHA256=49E3FA8B9F9ACB1A2CEDE37970361316C93286CEE7F70DE5985E7135498A4210trueMicrosoft WindowsValid 734700x80000000000000006501106Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\xmllite.dll10.0.14393.3143 (rs1_release.190725-1725)Microsoft XmlLite LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationXmlLite.dllMD5=64E301CCFADF34810ADA8DE9DBC7720F,SHA256=6EAE1E0E610793C7DF2B27795553F377D2C4126CF74D8EE4A84DE3C3150871F8trueMicrosoft WindowsValid 734700x80000000000000006501094Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.000{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\DWrite.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft DirectX Typography ServicesMicrosoft® Windows® Operating SystemMicrosoft CorporationDWriteMD5=1875083243EE498D0B2BB6B025AD7520,SHA256=A3FA592126642537BF6F0E4E9750A43A899525FE616DE899ABD7F26A9E7620C4trueMicrosoft WindowsValid 734700x80000000000000006501085Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wbem\fastprox.dll10.0.14393.0 (rs1_release.160715-1616)WMI Custom MarshallerMicrosoft® Windows® Operating SystemMicrosoft Corporationfastprox.dllMD5=C2F7834269D565263C65757EDE37A66C,SHA256=17651A35255229CE95F065CA1BCCC4867B43DA879D72AFCC91FBA4768225C7D3trueMicrosoft WindowsValid 734700x80000000000000006501069Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006501068Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006501062Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dhcpcsvc.dll10.0.14393.3930 (rs1_release.200901-1914)DHCP Client ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationdhcpcsvc.dllMD5=CD3B9633BBEF2102C4665A2C39EC0B1A,SHA256=341EFB4806BE39E09AA90CA3B069C39F2A9D61FA9B512350B2721D41875AFCAEtrueMicrosoft WindowsValid 
734700x80000000000000006501061Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wbem\wbemsvc.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemsvc.dllMD5=2BE97028B7B85762561F475E31989C2A,SHA256=75C9D8C6D41B4B7D70666A8107A08A748CEF6CB9E60AD0288B10CDE12E274AFFtrueMicrosoft WindowsValid 734700x80000000000000006501060Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dhcpcsvc6.dll10.0.14393.3930 (rs1_release.200901-1914)DHCPv6 ClientMicrosoft® Windows® Operating SystemMicrosoft Corporationdhcpcsvc6.dllMD5=1721EAC44BCFC7177AA664ADCA514F23,SHA256=C099BCCE44A04A48147DE8CF093EBF997510154113789BF31394B5148F60B375trueMicrosoft WindowsValid 734700x80000000000000006501059Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006501058Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\winnsi.dll10.0.14393.2339 (rs1_release_inmarket.180611-1502)Network Store Information RPC interfaceMicrosoft® Windows® Operating SystemMicrosoft 
Corporationwinnsi.dllMD5=25B3BD4D63460EE4599F5631C1B83D21,SHA256=07E055D47940F09CB7EB512D52672C944D7D2F035A2F45766319871C0862C5B1trueMicrosoft WindowsValid 734700x80000000000000006501039Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wbemcomn.dll10.0.14393.4530 (rs1_release.210705-0736)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemcomn.dllMD5=91E2160941219FFEBE4093E6681BE4CF,SHA256=3B8AA86EAF2200F53A6EB57B08A34F1BA5E467B72E5002C3BCBF20AF40D98CD1trueMicrosoft WindowsValid 734700x80000000000000006501038Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.037{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\wbem\wbemprox.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemprox.dllMD5=B7B56FAC395BEEDC20120FD0170A23A3,SHA256=7BDF579D7348D84F251A8411E40E14ADF9406F954914C1C4DE30E880DCF6CEB3trueMicrosoft WindowsValid 734700x80000000000000006501037Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\RICHED20.DLL16.0.13801.20442RichEdit Version 8.0Microsoft OfficeMicrosoft Corporationriched20.dllMD5=4AADCAFE0937BFDD2C0E089B37549CD7,SHA256=8D12811470721C2A4775AE2CF2B236C5E16FD4215D70E63C768BD9F4ADBC364AtrueMicrosoft CorporationValid 734700x80000000000000006501036Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\mswsock.dll10.0.14393.3659 
(rs1_release_1.200410-1813)Microsoft Windows Sockets 2.0 Service ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationmswsock.dllMD5=B52ACA309FD6F72105951FFBA022327B,SHA256=02AB6CCE4BF0D3F075D5E982F5A4CBDB514CE7C245EA474D7846A86CD3F13202trueMicrosoft WindowsValid 734700x80000000000000006501035Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\OnDemandConnRouteHelper.dll10.0.14393.4169 (rs1_release.210107-1130)On Demand Connctiond Route HelperMicrosoft® Windows® Operating SystemMicrosoft CorporationOnDemandConnRouteHelper.dllMD5=BAE78E97BEBB832376654560305922E3,SHA256=6A188DC4F1005E46CCA529E9C757D9B3B5F98E5587AFAA5E4200C7DD2AC73355trueMicrosoft WindowsValid 734700x80000000000000006501034Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\winhttp.dll10.0.14393.4467 (rs1_release.210604-1844)Windows HTTP ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationwinhttp.dllMD5=8893BE5829B2F909E7FC4AF4C43B54F9,SHA256=C1D791C72417FD001E2A5FE441717881D43428A931724E7FD2DCCE6C83699458trueMicrosoft WindowsValid 734700x80000000000000006501031Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Program Files\Microsoft Office\root\Office16\MSOARIA.DLL16.0.55555.10000Microsoft Office componentMicrosoft OfficeMicrosoft CorporationMsoAria.dllMD5=2357126682CE4CAB2E5963883400D41D,SHA256=878BF317D30612C970E2EFDF93C3F22BF360D0304CFB54E96D638E8A5DE24E51trueMicrosoft CorporationValid 734700x80000000000000006501029Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\dpapi.dll10.0.14393.0 (rs1_release.160715-1616)Data Protection APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdpapi.dllMD5=927EA28A3F416A5A5E9FC638CA245EF5,SHA256=D399633CC99D754DD999BB4FFADD768FEA82F57A0241809117AD786DC33DD30EtrueMicrosoft WindowsValid 734700x80000000000000006501028Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006501027Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll4.8.4180.0 built by: NET48REL1LAST_BMicrosoft .NET Runtime Execution EngineMicrosoft® .NET FrameworkMicrosoft Corporationmscoreei.dllMD5=899A8B655E52A061B33571D97C5C06ED,SHA256=DE05B03E37FB9BA5D74CF8FA36A6F0B15AB61705285B738BC90D14FDE580A45EtrueMicrosoft CorporationValid 734700x80000000000000006501026Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\mscoree.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft .NET Runtime Execution EngineMicrosoft® Windows® Operating SystemMicrosoft Corporationmscoree.dllMD5=5ECE402D7E12EC3750D044BF3D878DF6,SHA256=3F02B1AE7B61BC36B04EA2B82ED79F112219F4E9668518030FF14B005E2C9BBCtrueMicrosoft 
WindowsValid 734700x80000000000000006501024Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19trueMicrosoft WindowsValid 734700x80000000000000006501022Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\WinTypes.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Base Types DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWinTypes.dllMD5=9F209F29ABFF007F55328BCC36367005,SHA256=7F2CBE9B349062DFD782032D50C335E6C292EC5F509746941982A7161F24ED84trueMicrosoft WindowsValid 734700x80000000000000006501020Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.021{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\Windows.Security.Authentication.Web.Core.dll10.0.14393.4169 (rs1_release.210107-1130)Token Broker WinRT APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Security.Authentication.Web.Core.dllMD5=E3AB65431FF6EA142FECF301220904D0,SHA256=60F168A317109BA364699F1FA1A2DDD8E5B0008A16CD7F1DB80583848DFCA7CFtrueMicrosoft WindowsValid 734700x80000000000000006501019Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.020{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\normaliz.dll10.0.14393.0 (rs1_release.160715-1616)Unicode Normalization DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationnormaliz.dllMD5=65930A2C537774A8CBB0A1BE20266D51,SHA256=2879DECC03521C385C5D29381B002E7B70BB448BC2787D9C08174592C7D80BC8trueMicrosoft WindowsValid 734700x80000000000000006501018Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.018{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006501015Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.000{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006501014Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.000{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006501011Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.000{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft 
Office\root\Office16\WINWORD.EXEC:\Windows\System32\WindowsCodecs.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft Windows Codecs LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationWindowsCodecsMD5=B791899A46FD151559658F4F86C3C6F5,SHA256=E559B36A3CC2261C16916F2D49FA351DC4E21E5EC581AC43547ABA16F70CDA7EtrueMicrosoft WindowsValid 734700x80000000000000006501010Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.000{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\d3d10warp.dll10.0.14393.2608 (rs1_release.181024-1742)Direct3D 10 RasterizerMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10Warp.dllMD5=B69F0419A16A616FE2D779EC98CD7FB9,SHA256=2D10B43F2137433E48A009227487C691E312D186691485D33B4FDF90D8423C9DtrueMicrosoft WindowsValid 734700x80000000000000006501009Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.000{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\d3d11.dll10.0.14393.4467 (rs1_release.210604-1844)Direct3D 11 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D11.dllMD5=F940A91B13592184F228ECC14D8D9358,SHA256=2BC05A4D09CDBAB8DB5F767DC95F31B2CA324928A94F004C7C2968E3E9E635E2trueMicrosoft WindowsValid 734700x80000000000000006501008Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.000{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\d3d10_1core.dll10.0.14393.0 (rs1_release.160715-1616)Direct3D 10.1 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10_1Core.dllMD5=AD41EACFB2A670E17F2C09F8AB06F428,SHA256=208B4CF05936AC21EB0337FB17B1B8F12D778A6E880435C589202457EB0CF73EtrueMicrosoft WindowsValid 
734700x80000000000000006501007Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:24.000{4DF467A6-4347-613A-19FB-00000000F001}8188C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEC:\Windows\System32\d3d10_1.dll10.0.14393.0 (rs1_release.160715-1616)Direct3D 10.1 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D10_1.dllMD5=9945D52ACD8FED11F0A636F916C4FF16,SHA256=97C5A99ED38F8516133D6B95070C5998BAAE75EAEF730531D91B81FEE4B81D82trueMicrosoft WindowsValid 734700x80000000000000006501974Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006501973Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006501972Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:24:25.167{4DF467A6-4349-613A-1CFB-00000000F001}7940C:\Windows\System32\dllhost.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36trueMicrosoft WindowsValid 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006502915Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.871{4DF467A6-436E-613A-1EFB-00000000F001}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006502904Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.335{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006502902Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.319{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006502901Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.319{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006502900Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.204{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006502899Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.204{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006502898Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.204{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 
734700x80000000000000006502896Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.204{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006502894Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006502893Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006502892Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006502891Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006502890Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006502889Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006502888Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006502887Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006502886Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006502885Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 
734700x80000000000000006502884Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006502883Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006502882Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006502881Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006502880Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006502879Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006502878Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006502877Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006502876Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006502875Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006502874Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006502873Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006502872Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006502871Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006502870Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006502869Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 
(rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006502868Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006502867Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006502866Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006502865Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 
librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006502864Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006502863Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006502861Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006502860Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006502859Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006502858Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:02.188{4DF467A6-436E-613A-1DFB-00000000F001}7452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006503023Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.701{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006503022Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:25:03.701{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006503021Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.701{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006503018Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.568{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006503017Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:03.567{4DF467A6-436F-613A-1FFB-00000000F001}1352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft 
734700x80000000000000006503115Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006503114Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.915{4DF467A6-4370-613A-21FB-00000000F001}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006503099Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.369{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006503097Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.369{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating 
SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006503096Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.369{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006503081Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.248{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006503080Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.248{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006503079Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.248{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006503077Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.248{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006503075Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.248{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006503074Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 
734700x80000000000000006503073Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006503072Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006503071Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006503070Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006503069Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006503068Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006503067Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006503066Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006503065Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006503064Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006503063Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 
734700x80000000000000006503062Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006503061Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006503060Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006503059Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft 
Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006503058Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006503057Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006503056Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006503055Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL 
Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006503054Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006503053Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006503052Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006503051Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, 
http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006503050Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006503049Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006503048Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006503047Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program 
Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006503046Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006503045Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006503043Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006503042Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 
(rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006503041Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006503040Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:04.232{4DF467A6-4370-613A-20FB-00000000F001}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006503273Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.764{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006503272Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.763{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 
(debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006503271Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.762{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006503268Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.630{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006503267Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.630{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006503266Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:05.630{4DF467A6-4371-613A-22FB-00000000F001}6288C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006503294Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006503293Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006503291Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 
734700x80000000000000006503290Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006503289Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006503288Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:06.314{4DF467A6-4372-613A-23FB-00000000F001}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006503404Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:15.536{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\wpdshext.dll10.0.14393.4169 (rs1_release.210107-1130)Portable Devices Shell ExtensionMicrosoft® Windows® Operating SystemMicrosoft 
CorporationWpdShExt.dllMD5=CEB555E9099888316A1E2ADE83BA82BF,SHA256=4110FFD5F08100D1F6E1005E2907460E40B3221A0833B821BE291657416E89F0trueMicrosoft WindowsValid 734700x80000000000000006503401Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:15.405{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\mydocs.dll10.0.14393.4169 (rs1_release.210107-1130)My Documents Folder UIMicrosoft® Windows® Operating SystemMicrosoft Corporationmydocs.dllMD5=999FD44CF5713852E6083A43A7917761,SHA256=D5C75951C29B7F0AAA4EC9E9AB3195933E650C1F171092F389FD4DB66CA1CA20trueMicrosoft WindowsValid 734700x80000000000000006503399Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:15.405{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\sendmail.dll10.0.14393.4169 (rs1_release.210107-1130)Send MailMicrosoft® Windows® Operating SystemMicrosoft CorporationSENDMAIL.DLLMD5=04626525E567811FC7ECB3E31D94F8B0,SHA256=678A3A9DD713DC61F72112BD3160B8753F1A50D1179FDFABD265C32103980A6AtrueMicrosoft WindowsValid 734700x80000000000000006503412Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Program Files\Notepad++\notepad++.exe8.14Notepad++ : a free (GPL) source code editorNotepad++Don HO don.h@free.frnotepad++.exeMD5=8D93FF22077355875C7BC59CEBE98B4F,SHA256=A345288CDF2B0A43B64E0C3264FC2839A76C98835CAC1A1920D68E21DD444EB3trueNotepad++Valid 734700x80000000000000006503475Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft 
CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006503474Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006503473Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006503472Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006503471Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\comdlg32.dll10.0.14393.4283 (rs1_release.210303-1802)Common Dialogs DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationcomdlg32.dllMD5=0DB1A588A248E852AD781AE14333A5C6,SHA256=6F9C36C2663B90439A1AEE74855C521FCBBDB8C7B88382C9464906F1691F65F6trueMicrosoft WindowsValid 734700x80000000000000006503468Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msimg32.dll10.0.14393.0 (rs1_release.160715-1616)GDIEXT Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationgdiextMD5=78DA58DF85F86CA61E5EAFB9EF0A83BE,SHA256=3216205F5C355D582EC4B902651B62E1FF3EFFDCA40BC849D474F13F1325E962trueMicrosoft WindowsValid 734700x80000000000000006503443Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\SensApi.dll10.0.14393.0 (rs1_release.160715-1616)SENS Connectivity API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSensApi.dllMD5=DF734E991C205DC633582B8B5AD0E030,SHA256=68282D0183F3E580EF854BA0EA43686B9CD2ABA8DE61CD867224AC29C237E364trueMicrosoft WindowsValid 734700x80000000000000006503442Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\wininet.dll11.00.14393.4583 (rs1_release.210730-1850)Internet Extensions for Win32Internet ExplorerMicrosoft Corporationwininet.dllMD5=524876363DA8F469C13E0818256B6131,SHA256=DAA85FEAB4553D9A203A85A58C8CB26A2784E0D33226B41AAE98471DAE75C035trueMicrosoft WindowsValid 734700x80000000000000006503441Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValid 734700x80000000000000006503440Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\wintrust.dll10.0.14393.4530 (rs1_release.210705-0736)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=992BCD32EF7680C574A426FAA4933ACA,SHA256=5755AC46B4220784A6E6AC12A755CC10892A5AE59B67924576075A1A29D68B3DtrueMicrosoft WindowsValid 734700x80000000000000006503439Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242trueMicrosoft WindowsValid 734700x80000000000000006503438Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5trueMicrosoft WindowsValid 734700x80000000000000006503437Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating 
SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006503436Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FAtrueMicrosoft WindowsValid 734700x80000000000000006503435Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899trueMicrosoft WindowsValid 734700x80000000000000006503434Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430DtrueMicrosoft WindowsValid 734700x80000000000000006503433Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft 
Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006503432Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006503431Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006503430Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575trueMicrosoft WindowsValid 734700x80000000000000006503429Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\windows.storage.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft WinRT Storage APIMicrosoft® 
Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=1D7997E3AFC26B85024D33F835E18056,SHA256=B2376967E156D4971FB66059F6367030AF937943D2EBF80AF856E643B6E95BBFtrueMicrosoft WindowsValid 734700x80000000000000006503428Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704trueMicrosoft WindowsValid 734700x80000000000000006503427Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\shell32.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=837B8644B9CE47EC28152E7D764886E0,SHA256=C5BA64473FB38E6B4592EAFA642AF82715CBC676190985D8D8D4150CE840044FtrueMicrosoft WindowsValid 734700x80000000000000006503426Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:17.002{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006503425Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives 
LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006503424Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006503423Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006503422Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006503421Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® 
C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006503420Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006503419Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006503418Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006503417Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program 
Files\Notepad++\notepad++.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5trueMicrosoft WindowsValid 734700x80000000000000006503416Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CAtrueMicrosoft WindowsValid 734700x80000000000000006503415Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006503414Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 
734700x80000000000000006503413Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:16.986{4DF467A6-437C-613A-24FB-00000000F001}7988C:\Program Files\Notepad++\notepad++.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006503679Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:23.794{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\wpdshext.dll10.0.14393.4169 (rs1_release.210107-1130)Portable Devices Shell ExtensionMicrosoft® Windows® Operating SystemMicrosoft CorporationWpdShExt.dllMD5=CEB555E9099888316A1E2ADE83BA82BF,SHA256=4110FFD5F08100D1F6E1005E2907460E40B3221A0833B821BE291657416E89F0trueMicrosoft WindowsValid 734700x80000000000000006503676Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:23.663{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Program Files\Windows Photo Viewer\PhotoBase.dll10.0.14393.0 (rs1_release.160715-1616)Photo Base LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationPhotoBase.dllMD5=91C265D9C7BFF499B8745DC4B3F9CB67,SHA256=1E7686931403D2C31BD2102AF80F7E42583D4ECEE3A41D278026C8E9EFFF474EtrueMicrosoft WindowsValid 734700x80000000000000006503649Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:23.663{4DF467A6-3EE5-613A-21FA-00000000F001}2428C:\Windows\explorer.exeC:\Windows\System32\d3d9.dll10.0.14393.447 (rs1_release_inmarket.161102-0100)Direct3D 9 RuntimeMicrosoft® Windows® Operating SystemMicrosoft CorporationD3D9.dllMD5=98326410B37312F3A57E8040250BDC32,SHA256=ADDEE549568ABA1E45C6868D76162F5DE6E58CBD83C43429EA0F9868ECA3DC42trueMicrosoft WindowsValid 
Operating SystemMicrosoft Corporationdas.dllMD5=B889E02516F4E8363E3444456AFA4DAE,SHA256=212A4A78C22B8B97C7609EEF9C8F005798596113D8A1799D5FBCEF04D0E44EF0trueMicrosoft WindowsValid 734700x80000000000000006504457Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.461{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006504456Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.408{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\atlthunk.dll10.0.14393.2969 (rs1_release.190503-1820)atlthunk.dllMicrosoft® Windows® Operating SystemMicrosoft Corporationatlthunk.dllMD5=BECA5E9FA540246333036919A57B7AEF,SHA256=62C24B274B38A88C83EE122CB30142C2135953C1A26582AD003512B238CB7FC9trueMicrosoft WindowsValid 734700x80000000000000006504426Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.392{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\atl.dll3.05.2284ATL Module for Windows XP (Unicode)Microsoft (R) Visual C++Microsoft CorporationATL.DLLMD5=C1B73181019C1E1F28F4161B5F198B7F,SHA256=C3678504437D23910C18D3680B05B4E819A2229BDD0E1E0567186C70D814560DtrueMicrosoft WindowsValid 734700x80000000000000006504395Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.392{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\fdPnp.dll10.0.14393.4169 (rs1_release.210107-1130)Pnp Provider DllMicrosoft® Windows® Operating SystemMicrosoft 
CorporationfdPnp.dllMD5=23D6408C20F4A0047E5F586354492C2F,SHA256=49F69E54AA909ECFD8A463B102BE708B496AD9A1EF73BAD2C10383E234AA75B1trueMicrosoft WindowsValid 734700x80000000000000006504356Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.392{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\sti.dll10.0.14393.3442 (rs1_release.191219-1727)Still Image Devices client DLL Microsoft® Windows® Operating SystemMicrosoft CorporationSTI.DLLMD5=C756057A0E7B12B1DA677BF555513700,SHA256=FF23B7A568CB0A48C7EC53C363F6C0CEE41ACE16D04380C2B598736AA183FB1BtrueMicrosoft WindowsValid 734700x80000000000000006504353Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.392{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\sti.dll10.0.14393.3442 (rs1_release.191219-1727)Still Image Devices client DLL Microsoft® Windows® Operating SystemMicrosoft CorporationSTI.DLLMD5=C756057A0E7B12B1DA677BF555513700,SHA256=FF23B7A568CB0A48C7EC53C363F6C0CEE41ACE16D04380C2B598736AA183FB1BtrueMicrosoft WindowsValid 734700x80000000000000006504306Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.376{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\fundisc.dll10.0.14393.0 (rs1_release.160715-1616)Function Discovery DllMicrosoft® Windows® Operating SystemMicrosoft CorporationFunDisc.dllMD5=0F54ABD1EAC74FC00BED394DC7F3F682,SHA256=366EB1FCC88FA18EAFA954FBBB967B0E1383929E2FADBB54ED2174E9B07F0998trueMicrosoft WindowsValid 734700x80000000000000006504278Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.376{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\deviceassociation.dll10.0.14393.0 (rs1_release.160715-1616)Device Association Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationdeviceassociation.dllMD5=68139108F7E1D4327BE76289E14C2159,SHA256=05436A7EE5EE877F3EA6B12604D41EFCE288F093AAEE03A906FB7C9A4A76DFDAtrueMicrosoft WindowsValid 734700x80000000000000006504254Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.408{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\UIRibbonRes.dll10.0.14393.2969 (rs1_release.190503-1820)Windows Ribbon Framework ResourcesMicrosoft® Windows® Operating SystemMicrosoft CorporationUIRibbonRes.dllMD5=0E292AC74DFBCBC12876A2B9F1BAD117,SHA256=058A57CF7DE921134A785903FF03CB254F07F901D9561EEFEFFA3597D0CC3BC9trueMicrosoft WindowsValid 734700x80000000000000006504251Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.376{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\wsdchngr.dll10.0.14393.0 (rs1_release.160715-1616)WSD Challenge ComponentMicrosoft® Windows® Operating SystemMicrosoft CorporationWSDChngr.dllMD5=D912A3C7773C63C885D295174FD9BE9A,SHA256=EB4E97A238C74B1DBD9D5086CC04B2922E68736AFDF60CE7989544C948D1D62EtrueMicrosoft WindowsValid 734700x80000000000000006504224Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.408{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750AtrueMicrosoft WindowsValid 734700x80000000000000006504223Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.376{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\setupapi.dll10.0.14393.2608 (rs1_release.181024-1742)Windows Setup APIMicrosoft® Windows® Operating SystemMicrosoft 
CorporationSETUPAPI.DLLMD5=8EEA3E9E124AC395915517588723F12E,SHA256=ED63B8F0079069271F46EECCB4B0CF384D02BD1E18FE3BA635A0C0B1284B2CBEtrueMicrosoft WindowsValid 734700x80000000000000006504195Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.392{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\wiatrace.dll10.0.14393.0 (rs1_release.160715-1616)WIA TracingMicrosoft® Windows® Operating SystemMicrosoft CorporationWIATRACE.DLLMD5=0BC9CC67EF837471465CD54CF416FBE7,SHA256=25DB698335CEAAE5F876662E9BDB3B2AE430D3F39E87375D03DBA39728EA42CDtrueMicrosoft WindowsValid 734700x80000000000000006504190Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.392{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\xmllite.dll10.0.14393.3143 (rs1_release.190725-1725)Microsoft XmlLite LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationXmlLite.dllMD5=64E301CCFADF34810ADA8DE9DBC7720F,SHA256=6EAE1E0E610793C7DF2B27795553F377D2C4126CF74D8EE4A84DE3C3150871F8trueMicrosoft WindowsValid 734700x80000000000000006504189Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.392{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5trueMicrosoft WindowsValid 734700x80000000000000006504188Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.376{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\devobj.dll10.0.14393.0 (rs1_release.160715-1616)Device Information Set 
DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationdevinfoset.DLLMD5=72AD993A6E896EB50058A73D045F3284,SHA256=CFF524F52D5F91788F34A47076E0CA36132890981079B27F559279B3F6FC3B11trueMicrosoft WindowsValid 734700x80000000000000006504187Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.376{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006504175Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.339{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\wiatrace.dll10.0.14393.0 (rs1_release.160715-1616)WIA TracingMicrosoft® Windows® Operating SystemMicrosoft CorporationWIATRACE.DLLMD5=0BC9CC67EF837471465CD54CF416FBE7,SHA256=25DB698335CEAAE5F876662E9BDB3B2AE430D3F39E87375D03DBA39728EA42CDtrueMicrosoft WindowsValid 734700x80000000000000006504161Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.345{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704trueMicrosoft WindowsValid 734700x80000000000000006504158Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.345{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating 
SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575trueMicrosoft WindowsValid 734700x80000000000000006504155Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.343{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AAtrueMicrosoft WindowsValid 734700x80000000000000006504154Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.343{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\NtlmShared.dll10.0.14393.3269 (rs1_release.190929-1234)NTLM Shared FunctionalityMicrosoft® Windows® Operating SystemMicrosoft CorporationNtlmShared.dllMD5=99F4D90B3ED53855C06F856006E770D1,SHA256=A95E5823B68182C4E32CB783AD23BC4FF60690001C70E6B5E920C12740C4C37CtrueMicrosoft WindowsValid 734700x80000000000000006504152Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.343{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006504150Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.342{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\msv1_0.dll10.0.14393.3866 (rs1_release.200805-1327)Microsoft Authentication Package v1.0Microsoft® Windows® Operating 
SystemMicrosoft CorporationMSV1_0.DLLMD5=2A725546D9B1F9DB4974A2EA4225D0A8,SHA256=46AD1AC8C7DB7D21E8F41EFC734B855CEE566CB58F8FB825775490DC5DE89C94trueMicrosoft WindowsValid 734700x80000000000000006504142Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\wiaservc.dll10.0.14393.3866 (rs1_release.200805-1327)Still Image Devices ServiceMicrosoft® Windows® Operating SystemMicrosoft CorporationWIASERVC.DLLMD5=BB702BDEC5677293ABE6874EF5814915,SHA256=2685CC5420C1C5BC52C4C97F852BDA202B8006B82295CB45CD9AEC5EF0ED840AtrueMicrosoft WindowsValid 734700x80000000000000006504126Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.341{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006504122Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.341{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006504116Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\wintrust.dll10.0.14393.4530 (rs1_release.210705-0736)Microsoft Trust Verification APIsMicrosoft® Windows® 
Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=992BCD32EF7680C574A426FAA4933ACA,SHA256=5755AC46B4220784A6E6AC12A755CC10892A5AE59B67924576075A1A29D68B3DtrueMicrosoft WindowsValid 734700x80000000000000006504115Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242trueMicrosoft WindowsValid 734700x80000000000000006504114Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\crypt32.dll10.0.14393.4350 (rs1_release.210407-2154)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=95BA70CFA8087A209500D7D350BF3A59,SHA256=4265157E8DC2A0E32A6328D54181CC31FD24E3017E60B270623C2CDBE5FAB4FAtrueMicrosoft WindowsValid 734700x80000000000000006504113Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\wldp.dll10.0.14393.3143 (rs1_release.190725-1725)Windows Lockdown PolicyMicrosoft® Windows® Operating SystemMicrosoft Corporationwldp.dllMD5=51A0208B106B4392AC4B3174B27A39EF,SHA256=EA9955976994C44DC091A07C69E9C863A4D5A960900019D3C4136BDFD1F885D4trueMicrosoft WindowsValid 734700x80000000000000006504112Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft 
CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5trueMicrosoft WindowsValid 734700x80000000000000006504111Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006504110Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006504109Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006504108Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating 
SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006504107Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006504106Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006504105Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006504104Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft 
CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006504103Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006504101Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006504099Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.323{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006504097Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.308{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006504088Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.308{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeMD5=36F670D89040709013F6A460176767EC,SHA256=438B6CCD84F4DD32D9684ED7D58FD7D1E5A75FE3F3D12AB6C788E6BB0FFAD5E7trueMicrosoft Windows PublisherValid 734700x80000000000000006504086Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.308{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006504077Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.308{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006504068Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.308{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006504067Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.308{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006504065Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.308{4DF467A6-4385-613A-26FB-00000000F001}6908C:\Windows\System32\svchost.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006504059Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.245{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\WinTypes.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Base Types DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWinTypes.dllMD5=9F209F29ABFF007F55328BCC36367005,SHA256=7F2CBE9B349062DFD782032D50C335E6C292EC5F509746941982A7161F24ED84trueMicrosoft WindowsValid 734700x80000000000000006504033Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:25.245{4DF467A6-4384-613A-25FB-00000000F001}7492C:\Windows\System32\mspaint.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft 
17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006506458Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006506457Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006506456Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006506455Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006506454Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006506453Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 
(rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006506452Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006506451Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:27.021{4DF467A6-4386-613A-28FB-00000000F001}7792C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe10.0.14393.4222 (rs1_release.210113-1739)Windows Modules Installer WorkerMicrosoft® Windows® Operating SystemMicrosoft CorporationTiWorker.exeMD5=1571A4132449A317F66DF783E9468783,SHA256=5CFF48937FAE7F0CF5935248959141E2A60E88FE8105C43676B866FDAC36ADD2trueMicrosoft WindowsValid 734700x80000000000000006506807Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:28.544{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\wer.dll10.0.14393.4402 (rs1_release.210426-1725)Windows Error Reporting DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwer.dllMD5=65C4FEDB972CDE71C2AF0F5AFA1C1C15,SHA256=63C1A7AC782F15980F47972E5B481C2E80EBCD1A2A497EAE93F469BD266CC638trueMicrosoft WindowsValid 
734700x80000000000000006506782Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:28.544{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\DeviceMetadataRetrievalClient.dll10.0.14393.4169 (rs1_release.210107-1130)Windows MRCMicrosoft® Windows® Operating SystemMicrosoft CorporationMRC.DLLMD5=4C6C39DEFDCA41A4FD30B2F7532EB22B,SHA256=F482AE4355C9425DBA719E102AC9FE7EBAF352578B6A5ACAA2832CFDC8B8C384trueMicrosoft WindowsValid 734700x80000000000000006506755Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:28.513{4DF467A6-3F48-6132-1600-00000000F001}1248C:\Windows\System32\svchost.exeC:\Windows\System32\DDORes.dll10.0.14393.0 (rs1_release.160715-1616)Device Category information and resourcesMicrosoft® Windows® Operating SystemMicrosoft CorporationDeviceCategories.dllMD5=4D558BCF2062138ADC52D6A9297A9732,SHA256=D03BD3F1B5664492E360851297C0347B1E6973C157343E2B144B343C0FABB14CtrueMicrosoft WindowsValid 734700x80000000000000006507335Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.368{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006507306Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.315{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\mpr.dll10.0.14393.2879 (rs1_release_inmarket.190313-1855)Multiple Provider Router DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmpr.dllMD5=0E56DB60C434D51769F2DAC48B9AA686,SHA256=3F9AED98B1B7F6A59C219F622FD91C7FD20BFE280935F5334920A02ECCAE7ED6trueMicrosoft WindowsValid 
734700x80000000000000006507287Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValid 734700x80000000000000006507262Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.331{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\twinapi.appcore.dll10.0.14393.4169 (rs1_release.210107-1130)twinapi.appcoreMicrosoft® Windows® Operating SystemMicrosoft Corporationtwinapi.appcore.dllMD5=B877C5BDEA2215B3D3CF89F645EB535C,SHA256=2F5468CC4277C8CB4B2AD1095AFC739ECAE0F0B6EE78E57BF64A97F3BDA54C19trueMicrosoft WindowsValid 734700x80000000000000006507258Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\propsys.dll7.0.14393.4169 (rs1_release.210107-1130)Microsoft Property SystemWindows® SearchMicrosoft Corporationpropsys.dllMD5=013D2BA96C261CDC62ECA7365E1C84D5,SHA256=26896478B6F1AF3756D5B1BB59BF2C6BE1C579B122CC882BAC35FEFB3EC3EE36trueMicrosoft WindowsValid 734700x80000000000000006507218Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.315{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\WinTypes.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Base Types DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWinTypes.dllMD5=9F209F29ABFF007F55328BCC36367005,SHA256=7F2CBE9B349062DFD782032D50C335E6C292EC5F509746941982A7161F24ED84trueMicrosoft WindowsValid 
734700x80000000000000006507212Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.315{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\efswrt.dll10.0.14393.4169 (rs1_release.210107-1130)Storage Protection Windows Runtime DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationefswrt.dllMD5=3B52E3346B479665AF22772F7A8A5DA5,SHA256=8844843BDEF197239497BDAEAAFE821B7C28D5B6E13DCF4F6F0B8B3A233EF813trueMicrosoft WindowsValid 734700x80000000000000006507210Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.315{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValid 734700x80000000000000006507199Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575trueMicrosoft WindowsValid 734700x80000000000000006507170Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.315{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=74621C6ABE4E9A568DF0A38E7282D71E,SHA256=0788A092D47800D0EB120A7DBB9E59234D0722A4A2E80ECE6CE70E3A84A3750AtrueMicrosoft WindowsValid 
734700x80000000000000006507168Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.315{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\msctf.dll10.0.14393.4530 (rs1_release.210705-0736)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=E2374A214A9F0C8347C29EBDE3447986,SHA256=F2260FE7E0C4E92D49CF0F550E2A1B3D3F1D2D76E6F5C8F16B0E16B6117D9EE1trueMicrosoft WindowsValid 734700x80000000000000006507165Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\SHCore.dll10.0.14393.4169 (rs1_release.210107-1130)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=D287E1BC5A148E2BCB482DBD0E925738,SHA256=1C2428AD170165DD8DE960C835D9AAB5B268300A676FE935B177ED5D2607430DtrueMicrosoft WindowsValid 734700x80000000000000006507141Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValid 734700x80000000000000006507133Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 
734700x80000000000000006507132Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006507131Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\iertutil.dll11.00.14393.4467 (rs1_release.210604-1844)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=1D608361848C3A3AC56488995E8D0BB1,SHA256=D95DE5DBAD08E22CB0CFB9322220E752F16124C15867F7748E4D64795E400EBFtrueMicrosoft WindowsValid 734700x80000000000000006507130Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006507129Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\urlmon.dll11.00.14393.4530 (rs1_release.210705-0736)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=B63DBDFEC215CF37259DC4A88ADBD0E7,SHA256=67B02F3DE0AF36E76C2D259CE7833EDA4FE33D935538E8A4C1E7E82130870FC1trueMicrosoft WindowsValid 
734700x80000000000000006507128Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006507127Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\feclient.dll10.0.14393.0 (rs1_release.160715-1616)Windows NT File Encryption Client InterfacesMicrosoft® Windows® Operating SystemMicrosoft CorporationFECLIENT.DLLMD5=AFCC2CA506D4A09F7D8B79BBF7D2CF1E,SHA256=6616D794EC0DE4CE7A99451AA5B299CEE213618D8F0854D1D6987862472FAD6BtrueMicrosoft WindowsValid 734700x80000000000000006507125Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899trueMicrosoft WindowsValid 734700x80000000000000006507124Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 
734700x80000000000000006507123Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\windows.storage.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=1D7997E3AFC26B85024D33F835E18056,SHA256=B2376967E156D4971FB66059F6367030AF937943D2EBF80AF856E643B6E95BBFtrueMicrosoft WindowsValid 734700x80000000000000006507122Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.284{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\notepad.exe10.0.14393.4169 (rs1_release.210107-1130)NotepadMicrosoft® Windows® Operating SystemMicrosoft CorporationNOTEPAD.EXEMD5=BA78FCF8CA9D806C6C047357E31748DE,SHA256=34A07759492E31AEC2A009505FE8DFB50242375C4308AD4657B2872F4F75A077trueMicrosoft WindowsValid 734700x80000000000000006507112Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704trueMicrosoft WindowsValid 734700x80000000000000006507102Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\shell32.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=837B8644B9CE47EC28152E7D764886E0,SHA256=C5BA64473FB38E6B4592EAFA642AF82715CBC676190985D8D8D4150CE840044FtrueMicrosoft WindowsValid 
734700x80000000000000006507096Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\shlwapi.dll10.0.14393.4169 (rs1_release.210107-1130)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=F9E249B6BB80C06BA30A61854567796C,SHA256=E5F62CD5D2FE7BE8D4E029ECA004A8773FF8D1F7AB92C115810AD54B5B8F50CAtrueMicrosoft WindowsValid 734700x80000000000000006507095Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=FD486B6FA360ABE43E02E85F3164E9BE,SHA256=733922A216EC03FC6AA405205CD2F8BB81A39180F26839588B97F310E21071B5trueMicrosoft WindowsValid 734700x80000000000000006507094Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\comdlg32.dll10.0.14393.4283 (rs1_release.210303-1802)Common Dialogs DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcomdlg32.dllMD5=0DB1A588A248E852AD781AE14333A5C6,SHA256=6F9C36C2663B90439A1AEE74855C521FCBBDB8C7B88382C9464906F1691F65F6trueMicrosoft WindowsValid 734700x80000000000000006507093Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006507092Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006507091Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006507090Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006507088Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft 
CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006507087Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006507086Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006507085Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006507084Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:25:39.300{4DF467A6-4393-613A-29FB-00000000F001}6472C:\Windows\System32\notepad.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006507843Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006507842Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006507840Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006507839Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006507838Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006507837Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.874{4DF467A6-43AA-613A-2CFB-00000000F001}7940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006507826Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.343{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006507825Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:26:02.343{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006507824Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.343{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006507819Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006507798Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 
734700x80000000000000006507796Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006507794Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006507792Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006507791Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006507790Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006507789Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006507788Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006507787Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.206{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006507786Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006507785Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006507784Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006507783Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 
2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006507782Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006507781Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006507780Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006507779Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe 
OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006507778Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006507777Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006507776Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006507775Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating 
SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006507774Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006507773Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006507772Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006507771Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006507770Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006507769Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006507768Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006507767Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006507766Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006507765Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006507764Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 
734700x80000000000000006507763Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006507762Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006507761Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006507760Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft 
Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006507759Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006507758Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006507757Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006507755Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:02.191{4DF467A6-43AA-613A-2BFB-00000000F001}7968C:\Program 
CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006508031Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006508030Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006508029Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006508028Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® 
Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006508027Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006508025Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006508024Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006508023Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006508022Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.971{4DF467A6-43AC-613A-2FFB-00000000F001}7504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006508007Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.418{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006508005Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.418{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006508004Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:26:04.418{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006507999Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.287{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006507998Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.287{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006507997Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.287{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft 
WindowsValid 734700x80000000000000006507995Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.287{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006507993Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006507992Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006507991Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006507990Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006507989Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006507988Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006507987Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006507986Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006507985Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006507984Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 
734700x80000000000000006507983Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006507982Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006507981Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006507980Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006507979Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006507978Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006507977Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006507976Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program 
Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006507975Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006507974Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006507973Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006507972Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006507971Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006507970Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006507969Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006507968Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006507967Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006507966Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006507965Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006507964Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006507963Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006507961Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006507960Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:04.272{4DF467A6-43AC-613A-2EFB-00000000F001}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006507959Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006508152Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006508151Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006508150Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006508149Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.353{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006508148Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.337{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006508147Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.337{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006508145Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.337{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 
734700x80000000000000006508144Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.337{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006508143Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.337{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006508142Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:26:06.337{4DF467A6-43AE-613A-31FB-00000000F001}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006508632Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.901{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006508631Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.900{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006508630Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.900{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006508628Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.899{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006508626Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.898{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006508625Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.897{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006508624Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.897{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006508623Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.897{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 
734700x80000000000000006508622Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006508621Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006508620Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006508619Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006508618Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006508617Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006508616Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006508615Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006508614Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006508613Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006508612Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006508611Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006508610Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006508609Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006508608Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006508607Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006508606Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006508605Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006508604Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006508603Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006508602Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006508601Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006508600Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006508599Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 
(rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006508598Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006508597Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006508596Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006508595Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006508594Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006508593Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006508592Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 
734700x80000000000000006508591Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006508589Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006508588Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006508587Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:02.881{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006508661Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006508660Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006508659Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006508658Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006508657Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006508655Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006508654Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 
734700x80000000000000006508653Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006508652Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.566{4DF467A6-43E7-613A-34FB-00000000F001}7680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006508635Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.020{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006508634Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.020{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 
734700x80000000000000006508633Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:03.020{4DF467A6-43E6-613A-33FB-00000000F001}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006508814Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.902{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006508813Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.902{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006508812Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.902{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft 
Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006508810Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.902{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006508808Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.902{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006508807Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.902{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006508806Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.902{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006508805Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.902{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006508804Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.898{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006508803Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.898{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 
734700x80000000000000006508802Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.898{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006508801Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.898{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006508800Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.897{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006508799Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.897{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft 
CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006508798Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.897{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006508797Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.896{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006508796Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.896{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006508795Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.896{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006508794Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.896{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006508793Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.896{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006508792Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 
734700x80000000000000006508791Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006508790Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006508789Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006508788Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 
734700x80000000000000006508787Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006508786Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006508785Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006508784Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 
734700x80000000000000006508783Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006508782Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006508781Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006508780Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 
librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006508779Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006508778Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006508777Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006508775Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:04.880{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program 
SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006508843Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006508842Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006508841Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006508840Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer 
DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006508839Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006508833Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006508832Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006508831Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006508830Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.863{4DF467A6-43E9-613A-37FB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006508817Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.033{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006508816Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:05.033{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006508815Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:27:05.033{4DF467A6-43E8-613A-36FB-00000000F001}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006508938Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.715{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006508937Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.699{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006508936Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.699{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 
734700x80000000000000006508935Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.578{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006508934Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.578{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006508933Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.578{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006508931Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.578{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006508929Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.578{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006508928Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.578{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006508927Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006508926Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006508925Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006508924Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006508923Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 
734700x80000000000000006508922Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006508921Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006508920Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006508919Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft 
Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006508918Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006508917Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006508916Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006508915Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006508914Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006508913Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006508912Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006508911Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime 
LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006508910Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006508909Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006508908Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006508907Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006508906Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006508905Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006508904Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006508903Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006508902Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006508901Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006508900Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 
734700x80000000000000006508899Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006508898Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006508896Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006508895Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:27:06.562{4DF467A6-43EA-613A-38FB-00000000F001}7560C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006509678Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006509677Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006509676Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006509675Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006509674Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006509673Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006509672Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 
734700x80000000000000006509671Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006509670Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006509669Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006509668Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft 
Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006509667Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006509666Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006509665Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006509664Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program 
Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006509663Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006509662Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006509661Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006509660Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program 
Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006509659Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006509658Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006509657Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006509656Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006509655Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006509654Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006509652Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006509651Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006509650Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006509649Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:02.202{4DF467A6-4422-613A-3AFB-00000000F001}6816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3trueSplunk, Inc.Valid 734700x80000000000000006509816Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.616{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft 
Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006509814Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.616{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006509813Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.616{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006509812Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006509811Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 
(rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006509810Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006509808Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006509806Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006509805Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006509804Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006509803Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006509802Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft 
CorporationValid 734700x80000000000000006509801Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006509800Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006509799Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006509798Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating 
SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006509797Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006509796Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006509795Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006509794Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:03.485{4DF467A6-4423-613A-3CFB-00000000F001}5164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 
Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006509856Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006509855Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006509854Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 
734700x80000000000000006509853Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006509852Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006509851Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006509850Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006509849Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006509848Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006509847Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006509846Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006509845Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006509844Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006509843Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006509842Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 
734700x80000000000000006509841Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006509840Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006509839Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006509838Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft 
Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006509837Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006509836Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006509835Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006509834Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI 
Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006509833Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006509832Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006509830Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006509829Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006509828Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006509827Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:04.163{4DF467A6-4424-613A-3DFB-00000000F001}8064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8trueSplunk, Inc.Valid 734700x80000000000000006509996Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.684{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006509995Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:28:05.684{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006509994Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.684{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006509993Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.562{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006509992Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.562{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 
734700x80000000000000006509991Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.562{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006509989Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.562{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006509987Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.562{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006509986Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006509985Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006509984Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006509983Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006509982Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006509981Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006509980Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006509979Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 
734700x80000000000000006509978Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006509977Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006509976Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006509975Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:28:05.547{4DF467A6-4425-613A-3FFB-00000000F001}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006510425Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006510424Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006510423Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 
734700x80000000000000006510422Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006510421Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006510420Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006510419Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006510418Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006510417Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006510416Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006510415Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 
(rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006510414Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006510413Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006510412Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006510411Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006510410Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006510409Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006510408Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006510407Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 
(rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006510406Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006510405Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006510404Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006510403Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006510402Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006510401Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006510399Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006510398Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006510397Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006510396Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.871{4DF467A6-445E-613A-42FB-00000000F001}7488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006510385Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.340{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006510383Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:29:02.340{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006510382Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.340{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006510381Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006510380Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 
734700x80000000000000006510379Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006510377Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006510375Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006510374Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006510373Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006510372Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006510371Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006510370Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006510369Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006510368Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006510367Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 
734700x80000000000000006510366Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006510365Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006510364Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006510363Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006510362Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006510361Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006510360Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006510359Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built 
by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006510358Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006510357Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006510356Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006510355Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 
(rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006510354Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006510353Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006510352Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006510351Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft 
Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006510350Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.209{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006510349Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006510348Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006510347Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006510346Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006510345Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006510344Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006510342Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® 
Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006510341Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006510340Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006510339Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:02.193{4DF467A6-445E-613A-41FB-00000000F001}8144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42trueSplunk, Inc.Valid 734700x80000000000000006510501Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.708{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 
(rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006510500Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.708{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006510499Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.708{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006510498Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.589{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006510497Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.588{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006510496Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.588{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006510494Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.587{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006510492Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 
734700x80000000000000006510491Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006510490Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006510489Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006510488Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft 
Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006510487Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006510486Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006510485Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006510484Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006510483Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006510482Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006510481Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 
734700x80000000000000006510480Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006510479Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006510478Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006510477Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006510476Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006510475Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006510474Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006510473Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe 
OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006510472Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006510471Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006510470Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006510469Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, 
http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006510468Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006510467Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006510466Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006510465Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT 
DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006510464Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006510463Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518FtrueMicrosoft WindowsValid 734700x80000000000000006510462Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006510461Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 
(rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006510459Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006510458Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006510457Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:03.571{4DF467A6-445F-613A-43FB-00000000F001}7964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006510456Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006510522Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006510521Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006510519Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006510518Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006510517Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006510516Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:04.255{4DF467A6-4460-613A-44FB-00000000F001}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241trueSplunk, Inc.Valid 734700x80000000000000006510685Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.755{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006510684Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.755{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006510683Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.755{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006510681Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.639{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006510680Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.639{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 
734700x80000000000000006510679Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.639{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006510677Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.639{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006510675Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.639{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006510674Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.639{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006510673Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006510672Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006510671Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25trueMicrosoft WindowsValid 734700x80000000000000006510670Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006510669Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006510668Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006510667Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 
734700x80000000000000006510666Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006510665Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006510664Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006510663Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft 
Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006510662Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006510661Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006510660Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006510659Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, 
http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006510658Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006510657Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006510656Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006510655Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft 
WindowsValid 734700x80000000000000006510654Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006510653Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006510652Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006510651Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 
734700x80000000000000006510650Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006510649Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006510648Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27trueMicrosoft WindowsValid 734700x80000000000000006510647Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft 
Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728BtrueMicrosoft WindowsValid 734700x80000000000000006510646Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006510645Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9trueMicrosoft WindowsValid 734700x80000000000000006510644Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValid 734700x80000000000000006510643Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 
(rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006510642Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006510641Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006510640Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006510638Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006510637Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006510636Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006510635Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.624{4DF467A6-4461-613A-46FB-00000000F001}7400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3trueSplunk, Inc.Valid 
734700x80000000000000006510623Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.071{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006510622Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:05.071{4DF467A6-4460-613A-45FB-00000000F001}7844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006510752Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.323{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValid 734700x80000000000000006510751Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.323{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating 
SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146trueMicrosoft WindowsValid 734700x80000000000000006510750Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.323{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1AtrueMicrosoft WindowsValid 734700x80000000000000006510747Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.192{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006510746Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.191{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006510745Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.191{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006510743Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.190{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006510741Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.189{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006510740Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.188{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 
734700x80000000000000006510739Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.188{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft WindowsValid 734700x80000000000000006510738Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006510737Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006510736Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft 
Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006510735Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006510734Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006510733Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006510732Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006510731Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045trueMicrosoft WindowsValid 734700x80000000000000006510730Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006510729Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006510728Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006510727Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006510726Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006510725Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006510724Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006510723Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid 734700x80000000000000006510722Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006510721Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66AtrueSplunk, Inc.Valid 734700x80000000000000006510720Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1trueSplunk, Inc.Valid 734700x80000000000000006510719Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438trueMicrosoft WindowsValid 734700x80000000000000006510718Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006510717Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006510716Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006510715Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValid 734700x80000000000000006510714Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.4467 (rs1_release.210604-1844)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=A8CDCAC5C32D14ED8AADDF5489FC5D55,SHA256=140F07A8F6780DAFE20CC4FBE86C9332FB2F0C26ED8F49914BD05265C63EF6F1trueMicrosoft WindowsValid 734700x80000000000000006510713Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft 
WindowsValid 734700x80000000000000006510711Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006510709Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006510708Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006510706Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0trueMicrosoft WindowsValid 734700x80000000000000006510705Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886trueMicrosoft WindowsValid 734700x80000000000000006510704Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4530 (rs1_release.210705-0736)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=36B87C41EE39F3051D116F735EBEF866,SHA256=9C45BAE6D7E27B3AE04BBF88B96686C04ED6A43695558E82B687013BA0383F8AtrueMicrosoft WindowsValid 734700x80000000000000006510703Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:29:06.170{4DF467A6-4462-613A-47FB-00000000F001}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2trueSplunk, Inc.Valid 734700x80000000000000006511304Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 
(rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValid 734700x80000000000000006511303Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValid 734700x80000000000000006511302Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValid 734700x80000000000000006511300Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FBtrueMicrosoft WindowsValid 734700x80000000000000006511298Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValid 734700x80000000000000006511297Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330trueMicrosoft WindowsValid 734700x80000000000000006511296Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValid 734700x80000000000000006511295Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093FtrueMicrosoft 
WindowsValid 734700x80000000000000006511294Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FFtrueMicrosoft CorporationValid 734700x80000000000000006511293Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValid 734700x80000000000000006511292Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValid 734700x80000000000000006511291Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating 
SystemMicrosoft Corporationbcryptprimitives.dllMD5=8AAF6E1B14B9210052FFF90E25926D63,SHA256=F2120C8E63EA94F8618B31319A534731C16D8FDD58B0E1E70217D72A39D78353trueMicrosoft WindowsValid 734700x80000000000000006511290Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=878EBD02A580FDF8F187100127E6D3A8,SHA256=54E4BADDFBD97CFFF871B6D7316B28872218B92F37C41199F71EB37BC5634216trueMicrosoft WindowsValid 734700x80000000000000006511289Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552trueMicrosoft WindowsValid 734700x80000000000000006511288Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValid 734700x80000000000000006511287Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program 
Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9trueMicrosoft CorporationValid 734700x80000000000000006511286Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValid 734700x80000000000000006511285Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4530 (rs1_release.210705-0736)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=9D82D7DBC3D9E0D8E86D10A5B1BF736E,SHA256=270CA1A42ECB4C22E826C1C95924F0014CC99254AB55B7167DA144D45E238E6DtrueMicrosoft WindowsValid 734700x80000000000000006511284Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3trueMicrosoft WindowsValid 734700x80000000000000006511283Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValid 734700x80000000000000006511282Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValid 734700x80000000000000006511281Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54trueMicrosoft WindowsValid 734700x80000000000000006511280Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7trueSplunk, Inc.Valid 734700x80000000000000006511279Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 
17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78trueSplunk, Inc.Valid 734700x80000000000000006511278Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4467 (rs1_release.210604-1844)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=B0C4BF9491FB453B77399E3C56C11DC8,SHA256=66D5D1B3D25D15EA8737C8B2EF83E770BA10931868F24DCACC50936F0A0BAC08trueMicrosoft WindowsValid 734700x80000000000000006511277Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836trueSplunk, Inc.Valid 734700x80000000000000006511276Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9trueSplunk, Inc.Valid 734700x80000000000000006511275Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2trueMicrosoft WindowsValid 734700x80000000000000006511274Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3trueSplunk, Inc.Valid 734700x80000000000000006511273Microsoft-Windows-Sysmon/Operationalwin-dc-291.attackrange.local-2021-09-09 17:30:02.892{4DF467A6-449A-613A-49FB-00000000F001}4160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValid