23542300x80000000000000001287184Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:40.803{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCF9C9AB6F30CBC673A4AE5404B2B61F,SHA256=A84C593D6F4C1743E681528B5D54649631E6A55E44F9F14DF8BE393DF88ABA1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381182Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:40.268{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FAF2654A46F874FBDF8EB99D21C2C3A4,SHA256=77B65A7B574F0A1FD3D8A1CB12667A175C14E012096FFAB43FB186405781F5B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287186Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:41.818{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05FB7B2534D052CF559537B9E7FC8EFF,SHA256=4A69046393AB6D606918FCA0CA440CAADBBBC7C2819148FDDB9A40ABD7F73A45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381186Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:41.867{5EBD8912-CDB7-6152-8426-00000000FD01}4172ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jju9qh5l.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=9B582128822764EBD365D131E1C273DD,SHA256=401E01A52ADB41AEDBB8D99FF369DE7CB193D1CF8A8DC48F9BCD272297D53F6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381185Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:41.451{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=D257051A1EF5CE7C79396A76DE86FC79,SHA256=4514A0BDF37840377E71E01A3C6C4E93C7F8AEE2A8D9152D779F1A449291C966,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381184Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:41.450{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=ACA12B0E8EE8DF4E1C8DF3D9DD2EC191,SHA256=4E4AB3144FCE43B6A3D97237235DF9B256E0074035EFB638F50B12792CB96722,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381183Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:41.283{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A0E0EDDD606DC5BD10C0A11033C51F6,SHA256=27C712C6F7A58CE98A2E8A308AA42BF9D6CD9ACD328DB1547937D431A6B53BB9,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287185Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:38.435{69CF5F33-7F33-614D-6600-00000000FD01}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61516-false10.0.1.12-8000- 23542300x80000000000000001287187Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:42.818{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49C26CFD56F9BA2E59E7AB854242A8F5,SHA256=4A053F75BA42DAD55B32A9A66B31CDA1F17F39D5E147794A07DADEFD466EE21A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381190Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:42.966{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8256041DDCE01DAE9385CF4F789C0548,SHA256=9F780F0623DB966164AB5C7B7BE95AE08BEFC9054F96631A7EE63690543DA93C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381189Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:42.966{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=550D691E9CAAA7B3319B0E036389C042,SHA256=2D257EAA546982FFC4A47E4759EC2E2863ADF49C251674517EA8457838364A61,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381188Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:41.420{5EBD8912-8CC0-6151-1400-00000000FD01}1040C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudpfalsefalse127.0.0.1-65156-false127.0.0.1-53domain 23542300x80000000000000001381187Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:42.298{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B28578E74A3C41E6735DFE6A18226E2F,SHA256=E81B04E4F56152D0CEDEC441453C049F817DA43F1AD6FE44B28D63F573552CF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287188Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:43.820{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCD3C9CB7AA624219CF4F0CE23737F36,SHA256=BCB189A957600FAB6FE668E606CE69FF7D890B978165E9482F8A17EDC4FE4B8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381195Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:43.881{5EBD8912-CDB7-6152-8426-00000000FD01}4172ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jju9qh5l.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=FF6DA4ABF6176DA39229992F8634EC23,SHA256=AABE1A89120A9EEC7DA155398C8868F3AF5A02C0A348C6EC64F5CB72B1C7D14B,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381194Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:42.935{5EBD8912-8CBD-6151-0B00-00000000FD01}640C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-429.attackrange.local51251-true0:0:0:0:0:0:0:1win-dc-429.attackrange.local389ldap 354300x80000000000000001381193Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:42.935{5EBD8912-8CD0-6151-2800-00000000FD01}2200C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-429.attackrange.local51251-true0:0:0:0:0:0:0:1win-dc-429.attackrange.local389ldap 354300x80000000000000001381192Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:41.425{5EBD8912-8CD0-6151-2A00-00000000FD01}2404C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-61232-true2001:7fe:0:0:0:0:0:53i.root-servers.net53domain 23542300x80000000000000001381191Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:43.313{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E781FA5C12545BFBE430EE5E005A69EB,SHA256=329521018D648B56B8868BDA442E7B74DFAC6B72C1D09816CFA9169DAC7B3137,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287191Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:44.826{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6115F56A2692B072B099DF775DC39ABB,SHA256=40D8E9CC43000E27FBD71E4463E84F70131074023CE68552DF761DCA5403F606,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381197Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:44.172{5EBD8912-8CDC-6151-6E00-00000000FD01}2608C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-429.attackrange.local51252-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000001381196Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:44.328{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=547DD0FE134E0CAD438485FB2588CA4D,SHA256=8EFC1E416592B7B912DE96B33EAAFE267392FEB692B8115637CCD885B9D5D21E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287190Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:44.244{69CF5F33-7F28-614D-1C00-00000000FD01}1852NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0a7b4daf9c254f4db\channels\health\respondent-20210924073259-5705MD5=C03F5A35DCD33CC76F546E3EA7D3F3DF,SHA256=27CB325E5A2A8D6C4E4022C2FAED9138BDF4BFE7B38BDA6EB79267B7EDAE26D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287189Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:44.195{69CF5F33-7F28-614D-1200-00000000FD01}968NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=E6925DCEE623453B60DA877B9B7FA6DA,SHA256=3F1BDFCE7068F1600DC39C4C1B339A62414E86340FCE7300D87E1CFA0066C6D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287193Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:45.827{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1C34F7FC8A196F92751BD52C6FB6E6C,SHA256=C2A3CE29101C5A469029077FBFB209692649591AA90F13A12923BFD2AF2410E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381198Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:45.329{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BADF705D9A2C0829DD215A409A12C6E,SHA256=E18CD3026C7A57B8C34155605CDA859492CD39DD4389FABFE20A3FA1488E337D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287192Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:45.249{69CF5F33-7F28-614D-1C00-00000000FD01}1852NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0a7b4daf9c254f4db\channels\health\surveyor-20210924073257-5706MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287195Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:46.874{69CF5F33-7F29-614D-1D00-00000000FD01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=72F9D15A308A3AFACD92589D17F2C03E,SHA256=E0EA3012FF17D797A034C0E7F787325C50EBFE6C56FB1128CC9B4A2A94A03D83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287194Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:46.827{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B7362825290F656337736061EF55B1FC,SHA256=A4D8E965AE5DB5BEFA5C89CD8913F174DBE0F718E39181B0BDE86CF017A67C2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381199Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:46.347{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8DF98A969400654F7E1EA2278C9B45A,SHA256=88405CE73E2C3C10109325D966BBD1F13DF6180E634796D675D4F817ABFA052B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287197Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:47.842{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CD633E037143A7496A3A3263D614758,SHA256=F67DDF97B9695E05F26798DE51E6A0F54D0329EEBA25861686A98EB9539FD333,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381205Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:47.007{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-24607-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381204Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:46.959{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-24436-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381203Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:47.397{5EBD8912-8CD0-6151-3000-00000000FD01}1956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=72F9D15A308A3AFACD92589D17F2C03E,SHA256=E0EA3012FF17D797A034C0E7F787325C50EBFE6C56FB1128CC9B4A2A94A03D83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381202Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:47.382{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=889C6FBDE901717C59F577A333383427,SHA256=ACFBF5AADB9F2D6265041C6AE2F965770477E66C03DECB7F7B9FA55CDC849BBD,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287196Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:43.600{69CF5F33-7F33-614D-6600-00000000FD01}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61517-false10.0.1.12-8000- 23542300x80000000000000001381201Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:47.215{5EBD8912-8CD0-6151-2F00-00000000FD01}2544NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0fd64d26ae25a9a58\channels\health\respondent-20210927092018-1388MD5=418358CD28D1B50422280074BE968B1D,SHA256=C8286C1C0A91E4E2C2FF9D12E0FDD08F235EAD61265C1678C815B6AB5A1254BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381200Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:47.150{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8256041DDCE01DAE9385CF4F789C0548,SHA256=9F780F0623DB966164AB5C7B7BE95AE08BEFC9054F96631A7EE63690543DA93C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287199Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:48.842{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A909A388B9F4279E8354ECA8F9A22704,SHA256=BCEB78B7580D0113B38B6FC5CC2ADE55D05405A46BD631092A13046EE718C5C7,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381209Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:48.228{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-33143-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381208Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:48.465{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AB996A899781C3E751747CFFAB29CA3C,SHA256=CFA3BF1F829DC411E14C3778984702E6ECC38B0C39ACE239B619BA60239612FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381207Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:48.396{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97B7F31AEAE4ADDEEAF1086BEE6C3713,SHA256=9EF773365380FBAFB967B1F4B6EA7A941C9388BC999EECC6A4DDC7FD5306024D,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287198Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:45.210{69CF5F33-7F29-614D-1D00-00000000FD01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61518-false10.0.1.12-8089- 23542300x80000000000000001381206Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:48.229{5EBD8912-8CD0-6151-2F00-00000000FD01}2544NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0fd64d26ae25a9a58\channels\health\surveyor-20210927092016-1389MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287200Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:49.858{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B93DCD428606AD819860621C741FC55,SHA256=C7E9569EFE2BA0733161FBF7336AC19248676417FB0F5EEBB1D723C4D671492A,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381213Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:49.218{5EBD8912-8CDC-6151-6E00-00000000FD01}2608C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-429.attackrange.local51254-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x80000000000000001381212Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:48.372{5EBD8912-8CD0-6151-3000-00000000FD01}1956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-429.attackrange.local51253-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x80000000000000001381211Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:49.596{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=810B3D5810D5F856471855100D6543B5,SHA256=0339840549CB93CE87C83D2B3FD9EF5CA53CFCE2751021789CD46723B81E76EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381210Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:49.411{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5CB3DC75CCC16534CB3E579066F878FF,SHA256=30A4F9186C68B5D65AC3E79E7EE5305B2800CC85C7B63C3B69FAEE6FF77258C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287201Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:50.905{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF51DBED3FBBEAA5E818B2BB2EF23355,SHA256=52E1840E8FBBD9D84AD158CB6E7E19011CF3F7DD0492CEC6D1FB5ED9B9D31B3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381216Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:50.680{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D8FB7684A374C438D964DEF4279E8FD3,SHA256=DC0EEBA8FB0C0912576D8472A9DC17F898F1FA670147B6F88242CCE474185DB3,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381215Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:49.490{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-41033-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381214Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:50.428{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBC9630C29D66C312F8D512D8EA18744,SHA256=D8A7A83DE47EA4F8BEFC8DFF284239194DEE5760A332E261D02DCDA41422E6A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287202Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:51.921{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0EADDD59A7CFC0CA3F9AC7AC2169545D,SHA256=42FC627C423C07A794A8E5E0BA2560B1005520C17E111DF841AF9F722CBE8F55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381219Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:51.795{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=44CEBEFC0904FBAD5DE6EC82F99E7BF8,SHA256=11931A4E3E870AAFAACE8BCF4127E78DDE6D7EC1DCE82263FAEA8CCB1F840897,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381218Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:50.612{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-48970-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381217Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:51.446{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A973DCFB9988C3C870154B4FB6001E6B,SHA256=717332086D2BAB8EA823263D2B60333E532B785A106136B941C92B134162665E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287203Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:52.936{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79DF3EAF9401696837A86884965704DC,SHA256=F0696987FF47DD3BE5FE8D80E05A8450248AF4029AC15BCC24CD68FF61A43AE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381221Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:52.994{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B64695C7DB7FE3DEE2F43E3421374080,SHA256=B5C52A144E93E86D6818AA9549139D435C559B4CB794FBE110FDEFF5C0EC621C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381220Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:52.463{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=230AAFDEB3F32409DBDFC6945307181A,SHA256=9C937D6715980FDE1C3AF2DC66530FD8074EF6CE4A63F3A1818017574AF4BD8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287205Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:53.952{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BC7E40F3DABB75427E58ECEF24C1EFD,SHA256=4775EBBF46EDF26ADD5AB3AA6E5EFF575063D90EAA5EFE705CD1FD42BD671A18,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381224Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:52.874{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-5115-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381223Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:51.707{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-56851-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381222Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:53.464{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B34F5B6B14A577BAD4042B1970488453,SHA256=0186F491A563A5506F720823E54012E3D83545126FB846924BD89167C40C4E98,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287204Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:49.491{69CF5F33-7F33-614D-6600-00000000FD01}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61519-false10.0.1.12-8000- 23542300x80000000000000001287206Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:54.967{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F564C437287A61647421F25E048FD550,SHA256=A392F8988A6F5D6A9187F438011DBDAA45700F2DFB1DAB83FFD7ED058BD7D58B,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381227Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:54.009{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-13178-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381226Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:54.479{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A01B9BFE5B2FB96E3AAE3699508441B8,SHA256=4FDE3C682B459C8F83725660541A192D0D0A6B2161FE4B26486D9EB2A8FF5B4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381225Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:54.079{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=14F9B883BF46693F9F5D04F628FBD299,SHA256=A9D5022DAB9DF5468A45B154AFD2D64D53DA721F2A927D9FB57F5B0D418A7BE7,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381230Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:55.115{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-20794-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381229Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:55.493{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55BF24639CD9B371B412B5C74397876F,SHA256=60513DABA99E3136CCB727355DC25ECE474198FE06BB0B767155C88BBE78FF2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381228Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:55.244{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=89C27B1EE9FA68F304B3288A830CBC8F,SHA256=A354F9875C341DFD01B8FDB8710E41EFAB8AED26A61C0426B500B8513876BEA6,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381234Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:56.255{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-28838-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381233Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:55.236{5EBD8912-8CDC-6151-6E00-00000000FD01}2608C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-429.attackrange.local51255-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000001381232Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:56.561{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A228D248A6D3FD0E28C70B43A6B049E,SHA256=A384B8E74748A3CF97C047411B13B671A39680704F6E06A6D7742B8CFEFB75F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287207Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:56.186{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C96D5B3CEB097D9022E60526B94D7E2,SHA256=FE14EA18DBDA48F4E7F7646CB88F8D94B751088C9A417BBE084D1DF05C391709,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381231Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:56.342{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8317C067EB8CB8E2C1DAD0DDB1025C26,SHA256=F23E8B60DEF2C2FDA17DB981F248C9A8EBE1D8E7ACE045D89533A1C40B1CCADC,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381238Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:57.521{5EBD8912-8CBD-6151-0B00-00000000FD01}640C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.15WIN-HOST-54261521-false10.0.1.14win-dc-429.attackrange.local49672- 354300x80000000000000001381237Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:57.366{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-36005-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381236Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:57.623{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2793E80678E6DA4E6858C4E81EF5B908,SHA256=89AA2D576C18ACC861DD189A217FA991D35CBB009409E12551D9CFCA30BCF911,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287211Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:57.511{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3E2E498AFB31A67129D4CFDAA6F084E6,SHA256=BB5A8D7C6BDE1290069ABE297551492EEAF5D325349AC4A249342E2BF7DDBD86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287210Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:57.511{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A5C1A256362A4D8148E5378119682B1B,SHA256=99254CACC7E8AF7AF38896FA908AADA7CF9C85959DD23BB7E9A674DFA791CADE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287209Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:57.417{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E4F1E080FAE5071B8E767D12704B0FF,SHA256=F94CECC9E35C5FD6F59E1004A8CDBA82BAB111BF370126448380E84821A69413,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381235Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:57.460{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DAEA243D8337A92F09E860553FD251B6,SHA256=086A78EE95C85BCC006466356CEDDBBF31033B4C3F014775A5ADD8B184CEB009,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287208Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:54.276{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-27499-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 354300x80000000000000001381243Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:58.474{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-43782-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381242Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:57.589{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-46486-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381241Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:57.551{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-46383-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381240Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:58.659{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=092846111CEE750D9256775B9E6C43A2,SHA256=E7CDFC66602E19582B58C804DE7AFA42A6FAF7B12E732306C33A21261370F014,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381239Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:58.641{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D46732DF4DBCB65B4B901FE5F206078,SHA256=6D776819B1D5C8A8DF83DDB684FF45CE7A0D13C030CBC299C7F6E1694FD0D599,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287216Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:58.589{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3E2E498AFB31A67129D4CFDAA6F084E6,SHA256=BB5A8D7C6BDE1290069ABE297551492EEAF5D325349AC4A249342E2BF7DDBD86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287215Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:58.433{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B59BBDC44731C9F0D077E8F8787460BB,SHA256=FE874CC8E4CA2FD1EB8575E2FAE3F60BDD232D013D40092B39CB9E0099A4A11F,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287214Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:54.850{69CF5F33-7F27-614D-0B00-00000000FD01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61521-false10.0.1.14-49672- 354300x80000000000000001287213Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:54.584{69CF5F33-7F33-614D-6600-00000000FD01}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61520-false10.0.1.12-8000- 354300x80000000000000001287212Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:54.301{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-27625-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 354300x80000000000000001381246Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:58.721{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-50915-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381245Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:59.741{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60924AD7A45FDF3A2E82750BEC3FBE46,SHA256=950ADE8E120D41DA928BADFCC79B47F014198680B91C824B611B58D0DDDF7E60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381244Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:59.741{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3D37372FC5DCF81B5B6F6FB852E22A5E,SHA256=D1389EEE6AAEE0273DB0F2A4F68AD7495733D6133ADBC5035785B4A1BB9146D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287218Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:59.746{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4D5C7CF37C0FCBD00CE394686481F593,SHA256=4BB887FBF97DC1E68BDA675BE05A3D0016F4B4A2B0B7B173495DDA8751C799A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287217Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:59.449{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4789AA6C1A40C663AD2A6B3878035C4,SHA256=02E30177DB87ACCB44987FEBAC67DC721C3E84BCF81309D41F63C0DC8AB8C14E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381250Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:00.973{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9EB75B5657CD026A730B7297C2ABB1A6,SHA256=1DD369A145CC61EC72C0A6BC47EDC05729BCF57C467029B67C34CF400CD751B6,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381249Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:59.835{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-55353-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381248Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:04:59.672{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-51711-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381247Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:00.773{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C65ECC7F07C862F07CC29E2DD59450E0,SHA256=D840463814386C43D0E923C2AC6C93E6B0078FA1945C1602C5BF361E904D6262,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287221Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:00.464{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29248A40C8FF7242598ABA31807D69B4,SHA256=3CFBC5B19842657A84B76775485F6AA5F70802E4AB85558FA92FB51A344E2945,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287220Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:56.999{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-40812-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 354300x80000000000000001287219Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:55.882{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-35186-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 354300x80000000000000001381252Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:00.785{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-59338-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381251Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:01.788{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB31A26365594BA97B8C1821629BDA12,SHA256=56FF7EFCDB06E05C089FD5835AB14A0527D102D633DC34AD5C3D86ACC6AE0555,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287224Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:01.480{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=187780E659B4BCEB53390764D22B4162,SHA256=4115AB99A0043ED4F54C8BD6C809796CEA3FB344D40DC1EEF6482F0EF040F354,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287223Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:58.117{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-46816-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287222Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:01.058{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=800F6124E8FFB1DB75CABB4FC5180C9B,SHA256=ED0ECE23774207F3CABA32F995810A4D0090BC776CBA5FDEBD5F244C12E93838,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381257Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:01.985{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-8236-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381256Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:01.027{5EBD8912-8CDC-6151-6E00-00000000FD01}2608C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-429.attackrange.local51256-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x80000000000000001381255Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:01.001{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-59837-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381254Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:02.819{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B09669A7D6B8B5842ED558DA11F73A0B,SHA256=D2850B1D3BCADBB5E50C39DF388388EEBEC0312EC16357DB93FC0ABF29366B88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287227Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:02.480{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F45F0E46A62E194C49D4DA6EFC8ABB2,SHA256=0FFFFF0CC2B8CA1E33EE9E39DB71086AEA7665A11844C4F76E01FAB5A945CC3D,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287226Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:04:59.430{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-53446-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001381253Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:02.088{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C38DE5019540CE0868B1D5FAAE9EAD62,SHA256=11CAB5C24CE7C0D70B662E5F58999D1CB2FAFE29A7AB65ACC3060BBE494EAA1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287225Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:02.152{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2B27F1E4FC6133B9DE981FE5B922F835,SHA256=1506D03D0639F16A1C4AE30811A50D61FD378716501E16D8543277D56D8A0235,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287230Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:03.542{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C5D241BEACA83149986A6717CE58B9B,SHA256=25E3603DFB4A672379A4CDC8CAF15C1FEB681EFB705AA6286983F14C8BCCE5E4,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381271Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:03.115{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-15917-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381270Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:02.146{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-5343-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381269Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:03.819{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9951558DA2D79B0F1ED75B309F7E3DA3,SHA256=C46521FBFCEDBEFCD4599883F7FBD0EB7D27F89B54D20A0DCDEACAD071A8D440,IMPHASH=00000000000000000000000000000000falsetrue 13241300x80000000000000001381268Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-SetValue2021-09-28 09:05:03.587{5EBD8912-8CBD-6151-0B00-00000000FD01}640C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x80000000000000001381267Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-SetValue2021-09-28 09:05:03.587{5EBD8912-8CBD-6151-0B00-00000000FD01}640C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x05193dc8) 13241300x80000000000000001381266Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-SetValue2021-09-28 09:05:03.587{5EBD8912-8CBD-6151-0B00-00000000FD01}640C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b43f-0x8a6a8dd0) 13241300x80000000000000001381265Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-SetValue2021-09-28 09:05:03.587{5EBD8912-8CBD-6151-0B00-00000000FD01}640C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b447-0xec2ef5d0) 13241300x80000000000000001381264Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-SetValue2021-09-28 09:05:03.587{5EBD8912-8CBD-6151-0B00-00000000FD01}640C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b450-0x4df35dd0) 13241300x80000000000000001381263Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-SetValue2021-09-28 09:05:03.587{5EBD8912-8CBD-6151-0B00-00000000FD01}640C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x80000000000000001381262Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-SetValue2021-09-28 09:05:03.587{5EBD8912-8CBD-6151-0B00-00000000FD01}640C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x05193dc8) 13241300x80000000000000001381261Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-SetValue2021-09-28 09:05:03.587{5EBD8912-8CBD-6151-0B00-00000000FD01}640C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b43f-0x8a6a8dd0) 13241300x80000000000000001381260Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-SetValue2021-09-28 09:05:03.587{5EBD8912-8CBD-6151-0B00-00000000FD01}640C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b447-0xec2ef5d0) 13241300x80000000000000001381259Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-SetValue2021-09-28 09:05:03.587{5EBD8912-8CBD-6151-0B00-00000000FD01}640C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b450-0x4df35dd0) 23542300x80000000000000001381258Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:03.203{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DF2C01CD11ADED2DE9ABB22F728DF122,SHA256=00B2CDE43442153B4D9229AF95D49DCF045C549423E3C8CB43B6774AADD26BFC,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287229Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:00.503{69CF5F33-7F33-614D-6600-00000000FD01}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61522-false10.0.1.12-8000- 23542300x80000000000000001287228Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:03.308{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=478ACF8DA4A21753A1DD94C435E45E88,SHA256=3251F894D2445B4C0E67A57F8405854AEE16EA1DD30FD276AA8E52A8BDF97EB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287233Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:04.683{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDC6BD6B0F9351D2B75C957D682CD776,SHA256=621CD4D5A9D0730E3CEF3C445F75CBB8D58FE8BC688E35472458D8AEAD8196F9,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381276Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:04.368{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-13953-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381275Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:04.363{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-24130-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381274Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:03.245{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-9678-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381273Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:04.855{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60C06FD9E7F84E6DC55AF51D8A003EF2,SHA256=98BF4F8585554B60E49B3C7DAD2B37F177FF6D335CEEE6AFAB371906BA656226,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287232Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:00.562{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-58987-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287231Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:04.434{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9B7CC1DF6B6D52B4C732DBC33A583034,SHA256=A48E3D272F1B77011E70579CCAA34B27B584DE2C792EE13B7F792A2E0DBC0158,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381272Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:04.437{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=62A3B9511DFFD3C1F110E897516133AB,SHA256=792E6EB9B86C376A5A5728124FEBF584C7990E17AA0F2ED92106196AF62159E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287236Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:05.917{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E2EAB11787682133071B100E0D94CB9,SHA256=889448FFB909C8130F047790C3531F72D3672919E6A998AE3ABD0F4618121F10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381278Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:05.901{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DBFB96A0534260C6208334D2FE61C50D,SHA256=6EAFF1948AE43246185BB73C1CE03A573E474EA72FE8A776BBF4D86B244D23E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287235Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:05.589{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C192F1A62AFCB5910055CB7F580BC3C2,SHA256=6F7DCDE8C3C1A884AFC5DF6B2A25978FF483A0EB7CAF58B9BD7A5AB5CD39A65B,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287234Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:01.711{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-5881-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001381277Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:05.517{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=182E7D074D0396F646195ADBC8977855,SHA256=2CD7E3E3A6E172C5AF908D33B7C843988E3FFA22B3A86819C6A2F9C7B2D70A18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381282Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:06.916{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4575769FE14F0434604C64EF60D82631,SHA256=91A209F75AD4FF81D6B84E92AB8E5123C650C5CA12AA9D994146BDEB0AC22F78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287238Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:06.714{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C45F662A34A00A1FE2DDA991429A5927,SHA256=9DF068BF726C25A8D83732F93DC1D87553EB8D1DCB16F9961CD21DDA07840304,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287237Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:02.869{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-11380-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001381281Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:06.616{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8F704E7348B0DC7E5C365675597ED313,SHA256=C1D9B0490C332010590474C49D0EE7442384DA12AEF3FB3DD541C199C09BCE12,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381280Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:05.660{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-32625-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381279Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:05.445{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-18297-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381286Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:07.934{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5987358800C5414CBD159785892D9703,SHA256=375EE608196951B3700366CC4B44D32F7D49CD2187833411680718434CDF41A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287240Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:07.886{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7416F28D9E00C8524A604068CA676A54,SHA256=E0F4B642BB6822658A335AAB8A8E51A366086502DD9D12BFA80E5DDD3D56727F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287239Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:07.042{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7A847654B4CEF4102045E6FCFAE35FB,SHA256=093531EA59B8822E06FEA150BE320DDAC829DC4070DBB5F0279081278BD38087,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381285Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:07.768{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=845268B7076F8753EC130FA092B51C05,SHA256=90D2890CD0508F743E0F106B12CAF77B2B20AE3694D0EB7C483D039E596C23C9,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381284Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:06.528{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-22555-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381283Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:06.108{5EBD8912-8CDC-6151-6E00-00000000FD01}2608C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-429.attackrange.local51257-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000001381289Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:08.951{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A414120CC9D7BB730492CC15AD4BC86A,SHA256=5D9EA932126527966C14EA7B572B9B5F1979FC0B0F03910D165983150A954012,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287242Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:03.977{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-16991-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287241Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:08.042{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48F7181975C970B5506EE76D1BBD335C,SHA256=828EA4B26AB141074144FEC7B5E848437286817D9565B99099E17D4C3F3FF5FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381288Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:08.883{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D95B65A718C6AACD9399C22EC377493A,SHA256=254B1E07F8C160A2260CF9942CAA69F870D0FB1BCC70C3A2BFC6581519446B4C,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381287Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:06.933{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-41350-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381292Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:09.966{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F16F0E9FE153D0FBF65FACD96B5D053,SHA256=CE1AE7E4EC151B50604A74AAB63C5AD1A606BD68D0B79BEDAD286E5BD65D53A7,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381291Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:08.211{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-49877-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381290Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:07.643{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-26805-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001287246Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:06.271{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-28114-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 354300x80000000000000001287245Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:05.130{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-22747-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287244Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:09.167{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A7EBA3C73A517A9A6E23A39B82AE4DA7,SHA256=019549E0835644DB53E9B55E825CC0A65C70534B725DDB4EC1C213AEDAF284DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287243Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:09.058{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03D2D803D75A35D640E71245827B5821,SHA256=7C826DCECF0FA0F29289FBF2C2DE12ECA01922A605EAD05A336083444A78F1A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381314Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.981{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A19B9021A9EA903EF6D865CC1C8FB99E,SHA256=D64C2599E317BBC3A7308B22AFAC6F1FEB97B908A4D0B4C9AD9929CE35D31237,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287252Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:06.519{69CF5F33-7F33-614D-6600-00000000FD01}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61523-false10.0.1.12-8000- 10341000x80000000000000001287251Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:10.339{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1500-00000000FD01}1172C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287250Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:10.339{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1500-00000000FD01}1172C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287249Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:10.339{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1500-00000000FD01}1172C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001287248Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:10.245{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6FDCB8941EE9A9DF26BDED7CBD7042F8,SHA256=00D020C504878761C83F1112398893FADBFC544E11D6C603E5C32C2986861BD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287247Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:10.058{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57E01837893B08D2CC42BCDB82559726,SHA256=FA9E388770DB564C0ACF4FFC52B91AECCA4F8DE901CB74FDB67D0F5580E2DBE9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001381313Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.812{5EBD8912-8CD1-6151-3500-00000000FD01}34363456C:\Windows\system32\conhost.exe{5EBD8912-DAC6-6152-1A28-00000000FD01}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381312Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.812{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381311Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.812{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381310Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.812{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381309Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.812{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381308Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.812{5EBD8912-8CBD-6151-0500-00000000FD01}416532C:\Windows\system32\csrss.exe{5EBD8912-DAC6-6152-1A28-00000000FD01}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001381307Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.812{5EBD8912-8CD0-6151-3000-00000000FD01}19561552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{5EBD8912-DAC6-6152-1A28-00000000FD01}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001381306Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.813{5EBD8912-DAC6-6152-1A28-00000000FD01}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{5EBD8912-8CBD-6151-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{5EBD8912-8CD0-6151-3000-00000000FD01}1956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001381305Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.729{5EBD8912-8CC0-6151-1100-00000000FD01}412NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=E7228B361DBDE5C84B9DC386EECB5C26,SHA256=7AFB33A6413B32C91D07E4F25B518928B7E0EC5579771AE9FF8EBDF0E9788D5D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001381304Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.313{5EBD8912-DAC6-6152-1928-00000000FD01}30207072C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{5EBD8912-8CD0-6151-3000-00000000FD01}1956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000001381303Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:09.365{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-57533-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381302Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:08.791{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-31155-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 10341000x80000000000000001381301Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.135{5EBD8912-8CD1-6151-3500-00000000FD01}34363456C:\Windows\system32\conhost.exe{5EBD8912-DAC6-6152-1928-00000000FD01}3020C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381300Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.135{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381299Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.135{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381298Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.135{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381297Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.135{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381296Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.135{5EBD8912-8CBD-6151-0500-00000000FD01}416500C:\Windows\system32\csrss.exe{5EBD8912-DAC6-6152-1928-00000000FD01}3020C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001381295Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.135{5EBD8912-8CD0-6151-3000-00000000FD01}19561552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{5EBD8912-DAC6-6152-1928-00000000FD01}3020C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001381294Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.129{5EBD8912-DAC6-6152-1928-00000000FD01}3020C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{5EBD8912-8CBD-6151-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{5EBD8912-8CD0-6151-3000-00000000FD01}1956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001381293Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.013{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A2FC184C1147CC3D472C90EDA32AD697,SHA256=10BBC35B6290257774FEC0EE60934614AC821EC7067831B78983EB7D727D7A74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381320Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:11.995{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D95CE1B88CC139DE11BE3158D72D5E02,SHA256=6B0B5898EE3FED1F344A9A9F2FDB01C823FA42C591D5E5C8A61E9A107BB7DEB1,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287269Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:07.540{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-34668-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 10341000x80000000000000001287268Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:11.652{69CF5F33-DAC7-6152-10A1-00000000FD01}19241972C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{69CF5F33-7F29-614D-1D00-00000000FD01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001287267Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:11.417{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C3312A3E438770D71328B75B6CD84CAB,SHA256=3434A56B7ABF433D324699A49B8A630D8298DB5E0C5DF9762CC5C80C4C054F6F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001287266Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:11.371{69CF5F33-7F2A-614D-2B00-00000000FD01}28562876C:\Windows\system32\conhost.exe{69CF5F33-DAC7-6152-10A1-00000000FD01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287265Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:11.371{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287264Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:11.371{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287263Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:11.371{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287262Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:11.371{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287261Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:11.371{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287260Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:11.371{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287259Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:11.371{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287258Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:11.371{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287257Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:11.371{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287256Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:11.371{69CF5F33-7F27-614D-0500-00000000FD01}408524C:\Windows\system32\csrss.exe{69CF5F33-DAC7-6152-10A1-00000000FD01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001287255Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:11.371{69CF5F33-7F29-614D-1D00-00000000FD01}19603060C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{69CF5F33-DAC7-6152-10A1-00000000FD01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001287254Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:11.356{69CF5F33-DAC7-6152-10A1-00000000FD01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{69CF5F33-7F27-614D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{69CF5F33-7F29-614D-1D00-00000000FD01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001287253Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:11.074{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9D6F6AB6BB37CF925BE123BB8FA7EB8,SHA256=EBD55E958B8C0B9E91385B9CC6FA301B4FA72046F77DE04F137033EF7068FDB3,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381319Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:11.023{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-39713-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381318Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.722{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-7100-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381317Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:10.184{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse212.102.34.245unn-212-102-34-245.datapacket.com40603-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381316Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:09.937{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-35642-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381315Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:11.096{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B26EABA7FFB1A560D0226A56C69C706E,SHA256=0746CEBAA86B673569159640727D3438E16506007BE9C2B64EF0168CDB43AA51,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287300Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:09.804{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-46271-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 354300x80000000000000001287299Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:08.619{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-40276-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 10341000x80000000000000001287298Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.714{69CF5F33-7F2A-614D-2B00-00000000FD01}28562876C:\Windows\system32\conhost.exe{69CF5F33-DAC8-6152-12A1-00000000FD01}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287297Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.714{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287296Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.714{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287295Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.714{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287294Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.714{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287293Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.714{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287292Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.714{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287291Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.714{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287290Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.714{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287289Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.714{69CF5F33-7F27-614D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{69CF5F33-DAC8-6152-12A1-00000000FD01}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001287288Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.714{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287287Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.714{69CF5F33-7F29-614D-1D00-00000000FD01}19603060C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{69CF5F33-DAC8-6152-12A1-00000000FD01}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001287286Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.700{69CF5F33-DAC8-6152-12A1-00000000FD01}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{69CF5F33-7F27-614D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{69CF5F33-7F29-614D-1D00-00000000FD01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001287285Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.652{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5D45632EE4F9F2FCD3CCA81AFA0E5337,SHA256=719CF953CB9054C6AA41A93430EB8FFEDDBD2C7A000EFB9B7A7C596B8335919E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001287284Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.355{69CF5F33-DAC8-6152-11A1-00000000FD01}29041012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{69CF5F33-7F29-614D-1D00-00000000FD01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287283Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.090{69CF5F33-7F2A-614D-2B00-00000000FD01}28562876C:\Windows\system32\conhost.exe{69CF5F33-DAC8-6152-11A1-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287282Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.074{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287281Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.074{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287280Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.074{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287279Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.074{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287278Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.074{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287277Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.074{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287276Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.074{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287275Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.074{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287274Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.074{69CF5F33-7F27-614D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{69CF5F33-DAC8-6152-11A1-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001287273Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.074{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287272Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.074{69CF5F33-7F29-614D-1D00-00000000FD01}19603060C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{69CF5F33-DAC8-6152-11A1-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001287271Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.043{69CF5F33-DAC8-6152-11A1-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{69CF5F33-7F27-614D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{69CF5F33-7F29-614D-1D00-00000000FD01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001287270Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.074{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AB2D362B49AB4A5221CF4F07D2D1AEE,SHA256=FEDE7D85617D172D7C7E3DCA8DAAD2E2BB0AA41B0AC47DCA2950F7BB2C0E19DA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001381331Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:12.895{5EBD8912-8CD1-6151-3500-00000000FD01}34363456C:\Windows\system32\conhost.exe{5EBD8912-DAC8-6152-1B28-00000000FD01}6584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381330Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:12.895{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381329Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:12.895{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381328Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:12.895{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381327Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:12.895{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381326Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:12.895{5EBD8912-8CBD-6151-0500-00000000FD01}416500C:\Windows\system32\csrss.exe{5EBD8912-DAC8-6152-1B28-00000000FD01}6584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001381325Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:12.895{5EBD8912-8CD0-6151-3000-00000000FD01}19561552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{5EBD8912-DAC8-6152-1B28-00000000FD01}6584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001381324Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:12.896{5EBD8912-DAC8-6152-1B28-00000000FD01}6584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{5EBD8912-8CBD-6151-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{5EBD8912-8CD0-6151-3000-00000000FD01}1956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x80000000000000001381323Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:11.867{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-14209-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381322Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:11.219{5EBD8912-8CDC-6151-6E00-00000000FD01}2608C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-429.attackrange.local51258-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000001381321Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:12.229{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=72051C7FBDFDC120A4E1B2A8BE4651BA,SHA256=715233C99A42FDA89FE14AA11426C6BCF88E96E301725A1FF10E0E0226A4FAAE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001287316Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:13.857{69CF5F33-DAC9-6152-13A1-00000000FD01}26601500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{69CF5F33-7F29-614D-1D00-00000000FD01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001287315Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:13.745{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=893B20B71A08CB999298EA4DBBFD048F,SHA256=900400AAB68A7E5A8950338EF2EDE281384C34B57C43609213FDDEEEC8E5CB2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287314Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:13.605{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=865AF360BEFCFB07D16C7578CD391F39,SHA256=1E8C0E3057DE824517E74F39F83C8F94CA866008B07EA5051D930CF281D227B9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001287313Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:13.605{69CF5F33-7F2A-614D-2B00-00000000FD01}28562876C:\Windows\system32\conhost.exe{69CF5F33-DAC9-6152-13A1-00000000FD01}2660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287312Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:13.605{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287311Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:13.605{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287310Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:13.605{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287309Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:13.605{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287308Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:13.605{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287307Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:13.605{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287306Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:13.605{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287305Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:13.605{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287304Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:13.605{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287303Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:13.605{69CF5F33-7F27-614D-0500-00000000FD01}408524C:\Windows\system32\csrss.exe{69CF5F33-DAC9-6152-13A1-00000000FD01}2660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001287302Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:13.605{69CF5F33-7F29-614D-1D00-00000000FD01}19603060C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{69CF5F33-DAC9-6152-13A1-00000000FD01}2660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001287301Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:13.590{69CF5F33-DAC9-6152-13A1-00000000FD01}2660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{69CF5F33-7F27-614D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{69CF5F33-7F29-614D-1D00-00000000FD01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000001381343Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:13.411{5EBD8912-8CD1-6151-3500-00000000FD01}34363456C:\Windows\system32\conhost.exe{5EBD8912-DAC9-6152-1C28-00000000FD01}1076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381342Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:13.411{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381341Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:13.411{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381340Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:13.411{5EBD8912-8CBD-6151-0500-00000000FD01}416432C:\Windows\system32\csrss.exe{5EBD8912-DAC9-6152-1C28-00000000FD01}1076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001381339Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:13.411{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381338Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:13.411{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381337Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:13.411{5EBD8912-8CD0-6151-3000-00000000FD01}19561552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{5EBD8912-DAC9-6152-1C28-00000000FD01}1076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001381336Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:13.412{5EBD8912-DAC9-6152-1C28-00000000FD01}1076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{5EBD8912-8CBD-6151-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{5EBD8912-8CD0-6151-3000-00000000FD01}1956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001381335Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:13.395{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F7AED805BAEDB999F575997F6E674E61,SHA256=C11905C58845ECB7F3A0E5BC22A59E34898A72A9545607CF4C1F0BEAB9C2B685,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381334Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:12.121{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-43934-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 10341000x80000000000000001381333Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:13.064{5EBD8912-DAC8-6152-1B28-00000000FD01}65846636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{5EBD8912-8CD0-6151-3000-00000000FD01}1956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001381332Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:13.011{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C51499E8B746E30173B58779463990E1,SHA256=1AE033C62D9D58A358D53ECF3C7F7ABA8EE035C02027A4339BA171F330B83662,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001287342Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.980{69CF5F33-7F2A-614D-2B00-00000000FD01}28562876C:\Windows\system32\conhost.exe{69CF5F33-DACA-6152-15A1-00000000FD01}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287341Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.980{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287340Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.980{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287339Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.980{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287338Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.980{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287337Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.980{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287336Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.980{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287335Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.980{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287334Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.980{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287333Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.980{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287332Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.980{69CF5F33-7F27-614D-0500-00000000FD01}408524C:\Windows\system32\csrss.exe{69CF5F33-DACA-6152-15A1-00000000FD01}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001287331Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.980{69CF5F33-7F29-614D-1D00-00000000FD01}19603060C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{69CF5F33-DACA-6152-15A1-00000000FD01}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001287330Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.965{69CF5F33-DACA-6152-15A1-00000000FD01}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{69CF5F33-7F27-614D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{69CF5F33-7F29-614D-1D00-00000000FD01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001381346Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:14.411{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86437961920D7B75D7D8ED2648AD3E52,SHA256=318F51D4EA120593B41E66DF196EEF7E0BDF56E349946F3E575D9351978E7050,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381345Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:13.023{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-22246-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381344Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:14.012{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E3F291913A7AA2265F5264290D1415A,SHA256=FB8F9973C2B42FBF5AB87637803C05B65486BFBDF7085C294FAF5AFB5C80D805,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001287329Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.292{69CF5F33-7F2A-614D-2B00-00000000FD01}28562876C:\Windows\system32\conhost.exe{69CF5F33-DACA-6152-14A1-00000000FD01}3248C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287328Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.292{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287327Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.292{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287326Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.292{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287325Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.292{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287324Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.292{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287323Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.292{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287322Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.292{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287321Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.292{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287320Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.292{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287319Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.292{69CF5F33-7F27-614D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{69CF5F33-DACA-6152-14A1-00000000FD01}3248C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001287318Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.292{69CF5F33-7F29-614D-1D00-00000000FD01}19603060C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{69CF5F33-DACA-6152-14A1-00000000FD01}3248C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001287317Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.277{69CF5F33-DACA-6152-14A1-00000000FD01}3248C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{69CF5F33-7F27-614D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{69CF5F33-7F29-614D-1D00-00000000FD01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000001287346Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:15.199{69CF5F33-DACA-6152-15A1-00000000FD01}24083384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{69CF5F33-7F29-614D-1D00-00000000FD01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000001287345Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:11.056{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-52500-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287344Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.980{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9FB8ADBB103CD40D32912B4C4EEF1FA,SHA256=1C393645AE6E3E34BD542D42AEFC214A6CD7C4F40789F09CD54095F9F64632E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287343Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.980{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3096FAF964270A56B73292B96CD2E258,SHA256=81799C5C84852BD8B57FA15A01E7D8E5B9CAA638CEABB3BCA8D5693143243627,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381351Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:15.610{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CE1B92849F085F52541CE52B872AE2A2,SHA256=D02325CA3FF984CC18FB76B66540493844AA81269024872D7F65DC3FD9C1CFAF,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381350Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:14.438{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-52999-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381349Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:14.109{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-29868-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381348Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:13.336{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-48622-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381347Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:15.030{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DB0FD86F548CB76F84EC3DAE27A48ED,SHA256=5EC3AC74372AAEA40471598A7DA8D2F9D04EB4B87D74FFF257004CEBAD8953E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287348Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:16.120{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=242628D39CBEEFC5300B0253E4532AF4,SHA256=7214642767A1FE6E0B4BD9991EFEA884E99C591817A54CF79D8977F924985FD1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001381362Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:16.794{5EBD8912-8CD1-6151-3500-00000000FD01}34363456C:\Windows\system32\conhost.exe{5EBD8912-DACC-6152-1D28-00000000FD01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381361Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:16.794{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381360Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:16.794{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381359Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:16.794{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381358Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:16.794{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381357Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:16.794{5EBD8912-8CBD-6151-0500-00000000FD01}416500C:\Windows\system32\csrss.exe{5EBD8912-DACC-6152-1D28-00000000FD01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001381356Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:16.794{5EBD8912-8CD0-6151-3000-00000000FD01}19561552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{5EBD8912-DACC-6152-1D28-00000000FD01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001381355Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:16.794{5EBD8912-DACC-6152-1D28-00000000FD01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{5EBD8912-8CBD-6151-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{5EBD8912-8CD0-6151-3000-00000000FD01}1956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000001381354Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:16.728{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3352C050B5D087D5798A83663E5249A5,SHA256=50EAFF2C7FA7BBD0377E053727CADBBA62E3C8D478DBAA21AED6533C381E4D33,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381353Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:15.192{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-37469-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381352Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:16.047{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3086A1429E49857FD32D29FE4F65071,SHA256=28E2EE4A531A3001063BD81819D7B0745C0C1D2C9853A45D46E4B95DACD53428,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287347Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:16.074{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=929C31CEBEDEC0A8A7F0CFB06D7D4099,SHA256=AD720D35357E71F8AC899C005F3B4354BEF0F5067D76284D076C9BBEF21B0903,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287353Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:13.305{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-4804-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 354300x80000000000000001287352Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.503{69CF5F33-7F33-614D-6600-00000000FD01}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61524-false10.0.1.12-8000- 354300x80000000000000001287351Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:12.186{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-58242-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287350Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:17.136{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ED95F72B44E21CEA6C6F2AA1A480BE67,SHA256=F0D5FA7EEC371EAD309429E8868AEE7F4B52E36542070A5324850DFDAD09B319,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287349Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:17.136{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2008441870CE2195A0EE9BCB39D6453,SHA256=BEB898A3E035E6EB5174DEFAFF02B55ED930C8A2AFDBD8908F4C9DEEB9F5B541,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381376Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:17.763{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D23C1324AAB14646C696C494221756A9,SHA256=03DB7AE45B94039F76F4D8C5331043EE7FB615552082A17F1D51CA784D021351,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001381375Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:17.630{5EBD8912-DACD-6152-1E28-00000000FD01}7001840C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{5EBD8912-8CD0-6151-3000-00000000FD01}1956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381374Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:17.477{5EBD8912-8CD1-6151-3500-00000000FD01}34363456C:\Windows\system32\conhost.exe{5EBD8912-DACD-6152-1E28-00000000FD01}700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381373Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:17.477{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381372Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:17.477{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381371Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:17.477{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381370Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:17.477{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381369Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:17.477{5EBD8912-8CBD-6151-0500-00000000FD01}416532C:\Windows\system32\csrss.exe{5EBD8912-DACD-6152-1E28-00000000FD01}700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001381368Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:17.477{5EBD8912-8CD0-6151-3000-00000000FD01}19561552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{5EBD8912-DACD-6152-1E28-00000000FD01}700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001381367Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:17.478{5EBD8912-DACD-6152-1E28-00000000FD01}700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{5EBD8912-8CBD-6151-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{5EBD8912-8CD0-6151-3000-00000000FD01}1956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x80000000000000001381366Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:16.502{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-45960-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381365Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:15.539{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-57252-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381364Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:17.093{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D443F797BD020AF77206BB307F8A6FF1,SHA256=B207FF63ADC832A16B147130B970C71883CDADD94C1F46134610C9893016941F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001381363Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:16.994{5EBD8912-DACC-6152-1D28-00000000FD01}70287024C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{5EBD8912-8CD0-6151-3000-00000000FD01}1956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001287356Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:18.453{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6095B6D2DC0739A2B54D452E93CE7D3D,SHA256=CD1AC8518A39BF5FD386444689B519FC2C49F578395072F776A033C5D050AB0F,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287355Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:14.398{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-10292-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287354Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:18.141{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89CAA0E32B075FB7036FF5279D36BADC,SHA256=DAB97E0D7A8D69204AC1F6D1270B87FA16D748890CDE3044857104CE7D5CD169,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381380Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:18.927{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F7F7AD0FFFBA2B75E5FE50B13B959357,SHA256=FEA99A17242459F4EAEFDAE77F737A1C7CA52A249CF47B28AAB0D5F3862F1A03,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381379Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:17.068{5EBD8912-8CDC-6151-6E00-00000000FD01}2608C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-429.attackrange.local51259-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x80000000000000001381378Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:16.633{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-2520-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381377Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:18.131{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=819DF42FF1C022A5987ECB0742CEE454,SHA256=52A7DE01996B12EE8D1A2AA63FB5807FEAEF0F598A2EC08E4F86BE6DFBC1895A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381386Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:19.976{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=566AB550A9D019E946E00ABDF6CD7E0A,SHA256=E5D791947FC0B485E9EA05A143A8F75D2F8DA6A53E8C12AD724CF48B562F9CF7,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381385Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:18.820{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-10904-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381384Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:18.791{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-1547-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381383Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:17.737{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-6806-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381382Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:17.607{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-53097-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381381Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:19.145{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAF85FB41E285EED895C4C4A2E72414A,SHA256=D77D54372ECC6354DC828294CB87DCE0C849493D5EB49AF8644AA95B003C62FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287360Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:19.657{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=00F1EDA83BF3613C1154D82BDF202FF3,SHA256=760468ED759B7AC51FBE5984CACA53E696D3B98F7B22907677FFB7F879451FAF,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287359Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:15.568{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-15886-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 10341000x80000000000000001287358Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:19.172{69CF5F33-7F27-614D-0B00-00000000FD01}6241444C:\Windows\system32\lsass.exe{69CF5F33-7F0C-614D-0100-00000000FD01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30929|C:\Windows\system32\lsasrv.dll+2e287|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x80000000000000001287357Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:19.157{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94F83E377F3AB23228AF14A5C80F38E9,SHA256=81BAFFCF7C2F3C2926D73A4E07FB26775B1E0BBC95C8E974E19CF3AE5725BB18,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381397Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:19.920{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-10039-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381396Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:19.904{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-15183-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381395Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:20.160{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CF81FADD6A68A0D588DA4C31D3ED060,SHA256=AFD126F8D80BAC15DD20815864217F1B60844017475FDF3F7A79E81998BE9802,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287363Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:20.782{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A31BABA9C0F877E0271DF05B712F5E79,SHA256=C195925A139B387EA04D99C7FE12D079FA7D2779095C8FDE4137D169E5DD3EE2,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287362Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:16.912{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-22086-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287361Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:20.157{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=670E1DD1C8F614D87C9ED29FAB18824E,SHA256=37B4B28F0AE5C8A6C52297733B8391ECDC05EC57D1051BE1DD87752C3FB18AB0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001381394Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:20.091{5EBD8912-8CD1-6151-3500-00000000FD01}34363456C:\Windows\system32\conhost.exe{5EBD8912-DAD0-6152-1F28-00000000FD01}5572C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381393Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:20.091{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381392Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:20.091{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381391Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:20.091{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381390Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:20.091{5EBD8912-8CBF-6151-0C00-00000000FD01}8442824C:\Windows\system32\svchost.exe{5EBD8912-8CD0-6151-2B00-00000000FD01}2392C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381389Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:20.091{5EBD8912-8CBD-6151-0500-00000000FD01}416532C:\Windows\system32\csrss.exe{5EBD8912-DAD0-6152-1F28-00000000FD01}5572C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001381388Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:20.091{5EBD8912-8CD0-6151-3000-00000000FD01}19561552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{5EBD8912-DAD0-6152-1F28-00000000FD01}5572C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001381387Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:20.092{5EBD8912-DAD0-6152-1F28-00000000FD01}5572C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{5EBD8912-8CBD-6151-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{5EBD8912-8CD0-6151-3000-00000000FD01}1956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x80000000000000001381400Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:20.198{5EBD8912-8CA0-6151-0100-00000000FD01}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.15WIN-HOST-54261525-false10.0.1.14win-dc-429.attackrange.local445microsoft-ds 23542300x80000000000000001381399Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:21.161{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DB53578B7A664B94159E3D62A2331A3,SHA256=C00EAD19B5F3EBD5B9C329E552886FECB2C08517A28D68B364DCFD699B65F1C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287367Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:21.860{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=55E12DD91E4DFEA6B784BD5961304696,SHA256=F6A1B6F3628261002828C7CEF2285212A3C09E4A10737814F65155BF732721BE,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287366Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:18.033{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-27616-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 354300x80000000000000001287365Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:17.527{69CF5F33-7F0C-614D-0100-00000000FD01}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61525-false10.0.1.14-445microsoft-ds 23542300x80000000000000001287364Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:21.172{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA82AB095FE422AE45737B6B22F393F8,SHA256=602D796CE9DE978DC6577A8342E753E8E8B6A2CCDA4AA9E5B2A31B445DA5F137,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381398Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:21.092{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6BF82BF0AF6B3987CD15196ED0BE9478,SHA256=758625E3EB877F8B9169F99431DCAC4A188278056DCC41A455392BE2425E1AC6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001287383Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:22.594{69CF5F33-7F2A-614D-2B00-00000000FD01}28562876C:\Windows\system32\conhost.exe{69CF5F33-DAD2-6152-16A1-00000000FD01}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287382Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:22.594{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287381Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:22.594{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287380Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:22.594{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287379Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:22.594{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287378Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:22.594{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287377Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:22.594{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287376Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:22.594{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287375Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:22.594{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287374Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:22.594{69CF5F33-7F28-614D-0C00-00000000FD01}7201928C:\Windows\system32\svchost.exe{69CF5F33-7F28-614D-1A00-00000000FD01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287373Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:22.594{69CF5F33-7F27-614D-0500-00000000FD01}408980C:\Windows\system32\csrss.exe{69CF5F33-DAD2-6152-16A1-00000000FD01}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001287372Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:22.594{69CF5F33-7F29-614D-1D00-00000000FD01}19603060C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{69CF5F33-DAD2-6152-16A1-00000000FD01}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001287371Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:22.580{69CF5F33-DAD2-6152-16A1-00000000FD01}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{69CF5F33-7F27-614D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{69CF5F33-7F29-614D-1D00-00000000FD01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x80000000000000001287370Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:19.153{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-32894-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 354300x80000000000000001287369Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:18.508{69CF5F33-7F33-614D-6600-00000000FD01}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61526-false10.0.1.12-8000- 23542300x80000000000000001287368Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:22.188{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D294969C3E40D2BACED8F9408535D07,SHA256=7A8F4F6E2A78BD27C761E0853D2F100A9D8284A640E518663BC2D4CE9985A781,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381405Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:22.119{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-23426-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381404Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:21.049{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-17754-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381403Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:21.001{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-18944-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381402Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:22.192{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B00249FF48E0CB9C8594AAAE801B9A6E,SHA256=6877B3E005A22D5A641F2F3836EB79BE236F7CD5DCAC6A598C6AC86CC0203468,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381401Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:22.176{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B0CF39F1B07280DAE6612E9D19BDF0B,SHA256=D575DF76DC19B6ACE0BBF005A00B0FFF2A4DED410020D694CDC3AD9F0AC31E91,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287386Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:20.283{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-38443-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287385Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:23.203{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2A9DC8249CB26326F1879C3EC808031,SHA256=8DA3826C2D0BBF6B8014DB65199ECAAB7947EECAF77500D7ABC7445044AB3CC6,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381410Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:23.202{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-27528-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381409Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:23.034{5EBD8912-8CDC-6151-6E00-00000000FD01}2608C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-429.attackrange.local51260-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x80000000000000001381408Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:22.189{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-25642-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381407Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:23.275{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=72B9E4BF6C47EE433D527D0E49A610FC,SHA256=D3287BB4B3E80C09663AC0C7C92B55E5CACD344FB8E250E4DCC0B687BEB20B58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381406Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:23.191{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8401AE5155B331640FEA8771E44308A7,SHA256=4F3248B289C8007E53A4200675CF8E1D80BF718805A98043AC48C165C8D2A3D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287384Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:23.016{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=47851C7D33AE47FC14B5B4D33147382F,SHA256=A129AFAB72CDDC9AB8BE5797326895DF7FCDE54412FEB1E42421A2BE3928A99B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287388Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:24.203{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2342692F3F1E56C34485F296C78A2121,SHA256=B5A28815DFB0886C582EF38354A946043F04AACB8960A6C7152766B7748B48FF,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381413Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:23.337{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-33243-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381412Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:24.424{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CCB03E1C2C597983C1DFAB83D2ECE499,SHA256=B231BB912FD4275C7238576457E17FB7889FDF001FEE16401C8222683C8C4C60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381411Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:24.205{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3965BABA4C6A1E4931EB8DA42EAA071,SHA256=1A7BBB7EFA236D524B70040C5AB10C31C0BA740C631A8547C9A73156D58815C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287387Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:24.141{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0E223053224A83FC9B600893D69B3A13,SHA256=1732A98F00FC3D989860BBCF465A3DD277048B2FABFC747EC599B390A7E99FD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381417Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:25.541{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=83EB28C3F9CDB59202F761CCCF64557D,SHA256=C2DB29A760528FAA18420FC6A93E2C9FE94317DAC6E4C1235E9567228C387B9D,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381416Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:24.422{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-40856-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381415Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:24.301{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-31777-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381414Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:25.223{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=167FEA9C6F361ACF3E67D7761A098761,SHA256=76E963CEDFFCA48EF2872A205EA72748E1051B3ED2274D749F877158A3DDC117,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287391Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:21.403{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-44029-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287390Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:25.469{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=28FF3F8F25499B183611995AEA08322B,SHA256=E131BA1A9769831A62591BC263669FBD808A4FA3A5CAAC81D1129115F2296129,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287389Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:25.219{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D1290A117A92A6C6D911054B51CC02EC,SHA256=C8693E1F4C279A1B10C27CFDDCCAFB8B2C50DDF1970668AB627B589ADE7A2F95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287394Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:26.531{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A8A14315E3CA1162A454E1F7E4ECDF3B,SHA256=84FF9B4F40853F533D8BD4B2FC16F4F5B79D277028D3325DD7BFEB171581A1D8,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287393Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:22.608{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-50278-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287392Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:26.235{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=457683D092DEAA0140CC7A8CCC696526,SHA256=A586FB2AB7027206FDE0A327986910405B9FDBD36C482B0F076DB3E169E9CF30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381421Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:26.621{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BE738DDE42F21E29654FEB5415900C7A,SHA256=D5C865FC290EF4E9DEAFAFD6D1BF5EDF3FF9BEE623806FAA04766316B1D7527B,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381420Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:25.605{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-48897-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381419Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:25.446{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-36179-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381418Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:26.241{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2990C03ACED3E8B736DF7CF0E358001,SHA256=F316DDDCB77351555EF5F50E0AC2F17101B8F67EF784E8885E6B2B23865C7EDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381425Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:27.702{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=92E04492E77D8B3AA1C3A37814C86FBB,SHA256=C731EEF9A9060D79F8BC64546BC40C03689BF72622A79B52B41D3845C66A095C,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381424Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:26.859{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-57194-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381423Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:26.553{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-40621-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381422Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:27.271{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F6CB60D3985445863779368E1FDD691F,SHA256=FB500E3817CAD78578CC11656D4CE5FFD6C8077FC0C5DAB60228B4B48ECE0234,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287398Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:24.445{69CF5F33-7F33-614D-6600-00000000FD01}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61527-false10.0.1.12-8000- 354300x80000000000000001287397Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:23.841{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-55952-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287396Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:27.625{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2D571A1021BF841820CA75F1E11278E0,SHA256=00E5454EEA059DEA979F0EABED77DCB72E5283BB27FEDB74618AD5D7B70E54DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287395Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:27.250{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0739F557646A27CCBDFE52DD9130D25F,SHA256=A9A2DC7D9DB5BA40BDC842996C1875D3715C619B61A28573AB3BB121659789B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287401Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:28.719{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BCE32A3ED40D0B1FA0C42F739A3537E4,SHA256=3525B3CB0C2590FC6B5A7404DD5E933DDB4B13671F1B2531E939A0F5DCEEE02C,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287400Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:24.920{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-2767-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287399Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:28.266{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAE376DF0EDFC8BF3DD35C54ECAE3FBF,SHA256=6A494DACD07FE1CA911CF124079A6B5EB340885207CD01C858BD06C379EB5C46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381427Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:28.820{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C1DF2DCFC0954E40372753489CFECEA8,SHA256=4B7EF813AF0B0F2E47773773441B11E04EE5AB59B27A9D0B179D3CEEEFC0C758,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381426Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:28.302{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E078EADEDE56B9FA957C7D76CB2CA44D,SHA256=D3EC8D0E220CFE8952E830D25D29E3B007EA253922BF387C802F7178227F571D,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287403Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:25.997{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-8178-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287402Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:29.344{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4005CC7B8729BA85A19DE3A6BE9EBB20,SHA256=0618503FCEB933DA2D88E1DA52E7B1C40135AA6A80BDE37727308D0F1188B948,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381433Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:29.901{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=97F12EFDE4F6135D814BF57C97750648,SHA256=A8C106358367DD4538FE2ABD86ED570C2AD6BC436906ABEAC6827CD57558B019,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381432Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:28.726{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-48719-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381431Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:28.130{5EBD8912-8CDC-6151-6E00-00000000FD01}2608C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-429.attackrange.local51261-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x80000000000000001381430Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:28.014{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-6388-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381429Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:27.629{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-44649-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381428Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:29.323{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D80561F11EC2E1E861F9B151131E1793,SHA256=9D41678AFF4DD9E0F859202E4B7643586672AA1117CCDFEB3577C530A084C2FC,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287406Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:27.397{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-14176-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287405Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:30.391{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE6C0739BAC0E966B46643878109A3A2,SHA256=0B5220DB3A9312317A56454BEE537918A0B41B88E1AD7D853DB72E4376EBBC01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381436Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:30.920{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F32A0B2EF75A38F7B971719BF800489E,SHA256=D233C98FCA69199F77EEDDAF55EEC20DF27F24EBDD7D3DC985C128E83B6B1220,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381435Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:29.148{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-13326-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381434Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:30.338{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FF24B72A98C8A1CE21E6615EEFE94EE,SHA256=48C8BC3748515705C5C84EF072FE5E635D4ECD911187E3892533B1CBA044CCE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287404Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:30.172{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BD9FFC5B1BF6204E261C11693A8FECCB,SHA256=A265CDEC2BDC908A92D44AE73C6D15470A3061A17F06904CF3DDBA439FC46E49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287408Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:31.594{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4FC6D37EA36E77DBB0D47B1DE0F1D59,SHA256=3EEC01B0ED6FA803751E626DCED61D257348FAC26A3FE078431C3475C2E1DDF1,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381441Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:31.397{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-29258-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381440Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:30.926{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-57293-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381439Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:30.280{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-21729-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381438Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:29.828{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-53104-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381437Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:31.353{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54A52335B704491F019E1C36ABECF83F,SHA256=6C90BDD47E802D9AA37BF73C3A2956996B540953718D9EE92536B20624D84001,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287407Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:31.328{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=04411CFA37A47EBFEBA17AB61494E65D,SHA256=3ECFBD95F1DFFD4148F59B49858ABF21F5D7F663014021F560A6C1F5BF2DFC8D,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287412Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:29.745{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-25620-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 354300x80000000000000001287411Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:28.547{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-20017-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287410Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:32.688{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B20BAEC6FA750B5498526134521FE25,SHA256=D249578DE6B3AE76EBB229F718E192F7BA68C3AA100061A2CA00767E77B90516,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381444Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:32.049{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-2837-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381443Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:32.368{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C2E67381A67866A94308021BFE8F7A8,SHA256=CBD968993B95202CA48CF967CF76910965FB593E380C3D60C11EC0D6B8F9040F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287409Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:32.547{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B09B0A3FF14B53596AA13161C6E0867C,SHA256=564E6D546D30AE0F8B357807D5486BBD6A0B7AE35355AEAA7C6FD72F2505E750,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381442Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:32.118{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5F5A3B47AEFE6DAA2DD781514C11E4E1,SHA256=EE96E5F4A13238DE20661265A9B283B75F161D846DB41F9690FD7E550F7655AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287414Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:33.906{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6827F36A8992D1EDBDF41A6784A11D83,SHA256=F5472CF1EA701709AD78B6D13D5DD427EE1F2491CB0DCCE30FCEDCA98EEC63B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287413Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:33.860{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D75DCCB34BF2ABE63ACB9F22F4315F37,SHA256=FDFA53C8448DD5C0AB8A6D3D8C17DE69082F78EB6517989D505C5D5566870A05,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381448Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:32.641{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse116.203.147.165static.165.147.203.116.clients.your-server.de64485-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381447Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:32.531{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-37124-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381446Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:33.398{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=552412019E80C470C411927F99E3C6FF,SHA256=A75E167E383F18382EE57B826C4D1C1D7515719141C6ABC946C34771AC839A5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381445Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:33.198{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B8C003E3F7A9E319F6AA61D629018539,SHA256=2D174DE1013E6FEF14C578D205C6EC55EB33EEEC75C6A7811B69E6B000D1680B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287417Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:34.985{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E30145166E4F51A38D774F19BBAA94D7,SHA256=F19410F60CE9554D534633703DC0C5CC75A9443701346319B66266F457C8E26E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287416Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:34.860{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3EF072CBD244A59CB0677B8275972EB,SHA256=8EACF57E5D6C4ABAF2BF93890E8467D8D272D1F617A5C820352B39230518DDFE,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381451Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:33.126{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-6879-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381450Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:34.416{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCE5E35360B9CB524FB04FE01F210E0A,SHA256=56B2B6DF851AC77B91DE918A533FDCDE363E8982BB35720E5C6440E5D12ED2E5,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287415Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:30.445{69CF5F33-7F33-614D-6600-00000000FD01}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61528-false10.0.1.12-8000- 23542300x80000000000000001381449Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:34.297{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8FDEFAC640A6AFF8471C4FD467B7B09B,SHA256=45F1956C5C7645480F87F775785CED938186073FC80E9A0C6D9C1DDA0C97BC5D,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381457Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:34.891{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-53120-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381456Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:34.210{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-11005-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381455Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:34.107{5EBD8912-8CDC-6151-6E00-00000000FD01}2608C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-429.attackrange.local51262-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x80000000000000001381454Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:33.710{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-44647-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381453Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:35.449{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F0CE5BF934CA76C89F8A6923ADAE4583,SHA256=EFC7105C2B8C49C268E3E2E62180DAD32D65DF4E9C98652A191134C9C8E89FE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381452Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:35.449{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=378B3A409EAAA2B0DAEC6A36A2066284,SHA256=CBBF53BE59301F44354F08A0B7C67B5EC3ABDD7254D63D6F30F017E6EEA2C43F,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287419Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:32.278{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-38478-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 354300x80000000000000001287418Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:31.179{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-32997-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 354300x80000000000000001381493Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.460{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-19478-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381492Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.028{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-1630-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381491Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:35.343{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-15187-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 10341000x80000000000000001381490Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381489Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381488Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381487Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381486Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381485Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381484Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381483Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381482Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381481Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381480Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381479Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381478Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381477Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381476Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381475Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381474Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381473Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2A-6151-9600-00000000FD01}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381472Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2C-6151-9900-00000000FD01}5080C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381471Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2C-6151-9900-00000000FD01}5080C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381470Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2C-6151-9900-00000000FD01}5080C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381469Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2C-6151-9900-00000000FD01}5080C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381468Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2C-6151-9900-00000000FD01}5080C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381467Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2C-6151-9900-00000000FD01}5080C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381466Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2B-6151-9800-00000000FD01}4976C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381465Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2B-6151-9800-00000000FD01}4976C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381464Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2B-6151-9800-00000000FD01}4976C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381463Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2B-6151-9800-00000000FD01}4976C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381462Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2B-6151-9800-00000000FD01}4976C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381461Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2B-6151-9800-00000000FD01}4976C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001381460Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.748{5EBD8912-8CBF-6151-0D00-00000000FD01}900924C:\Windows\system32\svchost.exe{5EBD8912-8D2B-6151-9800-00000000FD01}4976C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000001381459Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.532{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C655F3EDE1F7A92B39847268ECB09FB4,SHA256=F1BEEBC174FABDA4529FE3140B89635185432395CDDE7BF52AE0C9F6626B0E64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381458Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:36.495{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFB9D47CB1C72F0A657C04B291FCC258,SHA256=1AFF0DF562F37933700FDCCEEB700C0A2660D56EF508838001C79FF157A84E46,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287422Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:33.441{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-44263-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287421Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:36.344{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=29EE9CCE30F809A8D3E127EB3244845D,SHA256=57E69E7868D0FB585FD59753685861118C61832144A133B396430DE7239C9599,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287420Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:36.078{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E13739E0447AEFB89B44D35A9FA8930,SHA256=CA0AB3E51E064795DFD82741A08A4BFD73E1624440D5586291586D9084FB0FBF,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381496Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:37.163{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-9643-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381495Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:37.663{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1E306EB336E99307041DC1D5240DF027,SHA256=DC0F84BD1C07719D0A07B34FE15F5E8E89C42F3BFE0E4A0DD5E33C6AA6BCD19E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381494Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:37.579{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7A171D38B6D43255AD16D350192BDF2,SHA256=6FC79EA2D3850522FDF1E59EAE771D4F539EFE0B666316ABDDB41B7256946ECA,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287425Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:34.716{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-50536-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287424Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:37.424{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4FBFB4103779A4DD0C5622F0F8BC4F47,SHA256=C8F90D7EE7BAAE7B047550B145E094F3163087C37BCE0FE0C0E2C540D4300F27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287423Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:37.313{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4A1C8A454B8647D93EABA595512C1D6,SHA256=B724E0E3383DBA9EFF794515D8253E5B4836ED0327A2B8653B76E3230344B1EC,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381501Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:38.674{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-28628-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381500Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:38.263{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-16395-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381499Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:37.558{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-24175-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381498Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:38.746{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=27B621762ACC4BCB149F9ADE7406A27D,SHA256=BB1A2CF0F2B75B3A9D3C194901ABAAC6D1E7A3379EA1E4F21E8AD7B34EE5D3BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381497Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:38.593{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1DF3C782EFFBE4F7FD5615890BE0F42,SHA256=D8C3119EEC54B26E7BC8407010585B78C9E1CAE3AA88C3CDC61C8A248D599E22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287427Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:38.549{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1A075DC62E877923F976DA9F5433FD01,SHA256=D7E17321463DB0E768F23CD5B768766FBDE0579F5B218382AB7BCFFF9B206557,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287426Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:38.330{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94344A03E601A5B73B6D198169EAF538,SHA256=060112FC845932706FB1EA3095D338F6327F2BC6EECE23360C366435DC2705C0,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381504Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:39.460{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-24720-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381503Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:39.892{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B3656E94E5ECB17B1D5DE8EFC42C8254,SHA256=7688C86484B39266B763E8D47BE2CBA20CAE6373A2EF47EE09BA8AF93C0A6886,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381502Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:39.614{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B4F92CB6160B7D6293FBFF9713128D4,SHA256=257773A9235298C7FB3811A2680493F73F7AC28DD40798FDE842552421262BA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287431Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:39.690{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2E3FD1C5EBE4041893090810731DE630,SHA256=63DA4AF385C4BDF8FFDC7525FC8588C75694CB23C28F231F57001A06078659C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287430Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:39.346{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF3F6A4B3AC28A3EB2213CFDA6DF95DE,SHA256=873B7243591EEAC2DB9E14B0CFCAF264ABFF31CDBC986DC04555CF3A33494C10,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287429Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:35.808{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-56385-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 354300x80000000000000001287428Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:35.446{69CF5F33-7F33-614D-6600-00000000FD01}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61529-false10.0.1.12-8000- 23542300x80000000000000001381505Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:40.630{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF79E967EAD578B0277A6C8065CA46F1,SHA256=FA27AC38A260EF433BAC41CDA6D58A38DBE1734C5A86CBACCC1647D6DCFB9E85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287434Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:40.768{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7ED7393BD4BCF1B800FF670DCDF5F944,SHA256=A9CBC987B4090747497EB8F7DD8B2A3FD8A8A56A8EC6E0C6664F5BC20A3125A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287433Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:40.361{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FF8FD38E26ED9223661449468A6369C,SHA256=A189784E4E90AFA38D1D352426AA613CAB50103A18C958EEE28A196CBE4B647D,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287432Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:36.936{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-2556-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 354300x80000000000000001381511Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:40.917{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-37416-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381510Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:40.636{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-32104-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381509Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:40.121{5EBD8912-8CDC-6151-6E00-00000000FD01}2608C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-429.attackrange.local51263-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000001381508Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:41.691{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA18AC3744C7D184A2A178092A2EFA76,SHA256=CF6DEED495585F2A88ED07E11B420415A93142080F8E024F752BB5778DB1D470,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287435Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:41.377{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=973EDAF628F8995A2B795FBE11E9EDCE,SHA256=11322E634FFAE9FFDE26B7D0340023C9A74B73A54AD7952F476ED6D132EDB3A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381507Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:41.030{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2AC2E798DC9142CAA74D4B48E2340B22,SHA256=D4F9E4E01493FB52C4DAC146215DABFF299D9062F2B259054037315798441A27,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381506Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:39.792{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-32902-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381515Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:42.056{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-42023-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381514Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:41.771{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-39699-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381513Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:42.709{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7E9E9D84FA41F5645A2313859F7FDC5,SHA256=CFB08864F0CE259C11A086E4714A04B8AD88FC6331F32E939E2399CF0D04A028,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287438Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:38.062{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-8142-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287437Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:42.393{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A61CBB8EEDC7AFC022313C384DE4C89,SHA256=D0337A057BAC6808B2BAC0C4B543ADFF2408EF7CA05AC95246959FAD94E95873,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381512Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:42.259{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AF1AF33F51FB2B3DC7AD8B8B859EADF3,SHA256=0136D14573ACC81FD050ADDDA7549F9F757504AD63B4C9DCEC9DF8A853A2815C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287436Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:42.049{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4DE7E50DDB3CA28B851A36C8BD271D77,SHA256=0843828FA65738A6079A512F90C9A35679FDBF1E21AE6FF24113A5A55A9433BB,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381520Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:42.950{5EBD8912-8CBD-6151-0B00-00000000FD01}640C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-429.attackrange.local51264-true0:0:0:0:0:0:0:1win-dc-429.attackrange.local389ldap 354300x80000000000000001381519Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:42.950{5EBD8912-8CD0-6151-2800-00000000FD01}2200C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-429.attackrange.local51264-true0:0:0:0:0:0:0:1win-dc-429.attackrange.local389ldap 354300x80000000000000001381518Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:42.896{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-47158-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381517Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:43.727{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B214A63624436FED9BBF3BDFF79A05C,SHA256=533EDF42ECA3B2C6DB462D5867BE9FE1131390353E6CA498BA127AE22F9CC4F7,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287441Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:39.327{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-14475-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287440Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:43.408{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2822E73C716760035E89A1E44CC774E,SHA256=894FF4C2083D74BB0A032353667BC6B8CB4EB2F82ADF78F9ECA3C2D37380070E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381516Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:43.389{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C8CC53D652C83401C3DC9734AF5203BC,SHA256=CC7EB007CE067E58EE37CCC38588840AC9CBA7703C455B9455F003D3540FD237,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287439Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:43.127{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FF0D1162BE6A45F15697AF365055EBAE,SHA256=1C11B0220C31172ABF844C7F5BA4D6FE396146740DDB1C3046AE43214E5FD922,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381524Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:43.285{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-46720-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381523Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:43.276{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse116.203.54.13static.13.54.203.116.clients.your-server.de58373-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381522Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:44.742{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FC77CA59E81FEA3C685B2000C52174A,SHA256=CD5D65413E3FBCE8B69BD5A98526A8FB89BF4DA34F989CED10CAF81469050E93,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287445Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:40.463{69CF5F33-7F33-614D-6600-00000000FD01}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61530-false10.0.1.12-8000- 354300x80000000000000001287444Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:40.422{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-19216-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287443Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:44.440{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B69297A8DAA243D4CA81541C33BA52E,SHA256=C41FB24434A96564EEF82F66E0E3A5FC3BF55F399A7C6CACFD70A0EB974A7C7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381521Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:44.458{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BE0E57A4B00D8A2E751DEFB7FEF4A5E0,SHA256=1857D4BE041F1B03CB36ABE28D957D635E266B84A840C1B2A40A62EE3FF71499,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287442Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:44.205{69CF5F33-7F28-614D-1200-00000000FD01}968NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=E42AC5737DC4170785A6B8CA36332D42,SHA256=0738572390F232B82EF732CAA11EF139CF5BE223BEEA1AD87034B7625C4DB0AA,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381530Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:45.485{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-55606-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381529Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:45.154{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-4271-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381528Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:44.401{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-51188-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381527Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:44.070{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-55605-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381526Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:45.756{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57305888F75C4876DD524E82F7AC345F,SHA256=ACCF310838E3CAEBCAE4F9C778ECF29BFC854D85813CF06CE8A19B00BB2C31D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287447Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:45.771{69CF5F33-7F28-614D-1C00-00000000FD01}1852NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0a7b4daf9c254f4db\channels\health\respondent-20210924073259-5706MD5=C03F5A35DCD33CC76F546E3EA7D3F3DF,SHA256=27CB325E5A2A8D6C4E4022C2FAED9138BDF4BFE7B38BDA6EB79267B7EDAE26D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287446Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:45.582{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E726B1406AFD104A457297C132794AB8,SHA256=2689761A04C039931AC61DDFC44D192A004E4B769D2C0E5E2A5EB7CCD6F35C44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381525Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:45.557{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=21BB221C2C00A2E8D11326BBBF328E3B,SHA256=8687CEEC650A629B735E50B9B322EBCE581196850EBB5C126076DBB349E14798,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381535Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:46.576{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-59925-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381534Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:46.369{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-12314-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381533Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:46.079{5EBD8912-8CDC-6151-6E00-00000000FD01}2608C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-429.attackrange.local51265-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000001381532Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:46.787{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8EDB7B6E9116560FBE061F0D9FAEE45,SHA256=51DD2AD2BC4B70238617FA07E94C5DD5C5711321149BB12F611CAC42F8BB6899,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287450Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:46.896{69CF5F33-7F29-614D-1D00-00000000FD01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=72F9D15A308A3AFACD92589D17F2C03E,SHA256=E0EA3012FF17D797A034C0E7F787325C50EBFE6C56FB1128CC9B4A2A94A03D83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287449Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:46.785{69CF5F33-7F28-614D-1C00-00000000FD01}1852NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0a7b4daf9c254f4db\channels\health\surveyor-20210924073257-5707MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287448Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:46.612{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11E5AE04C71AF2CA970E26757453B6F5,SHA256=8046B9D3D72B2F5D07DF572CD7FF8400429E6949670F35A94BF76F9396315DBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381531Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:46.640{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=114C49FA2B0720DC7A5A6526FA49D31B,SHA256=D4A7265840164364457986D0BD5C549F93A8E19DF3482A29F52B3C4AE2EABBC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381538Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:47.823{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C85402521F63BDADAFADB8029F75BDE,SHA256=C82604BB1E63947BDA0BA6254F4953760A9D0E96B69EA25B3273B53401507570,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287453Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:47.852{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F88CF325AFBD2EE4E4C614B325E47E50,SHA256=35C7CED1C07DAA856467453D79B60B291FC32A5CD9E5746FA400AC7AA68C5A42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381537Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:47.724{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=09B63628E3D49831FF98A80FB1CB2720,SHA256=805F05EC4EC70A8ED76D232D963C6A9472158BF459CE784091DCCEDFFE72C53C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381536Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:47.424{5EBD8912-8CD0-6151-3000-00000000FD01}1956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=72F9D15A308A3AFACD92589D17F2C03E,SHA256=E0EA3012FF17D797A034C0E7F787325C50EBFE6C56FB1128CC9B4A2A94A03D83,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287452Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:44.527{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-25081-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287451Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:47.255{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=317C4E108A10DC49EBB8BE42B65AC738,SHA256=2110F635DEF0BF171D59E4D4665F7D144E94D323B0844FF83AE4277E5D33CF1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287455Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:48.867{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB977AC7C24AD72076D2FD110FA32E54,SHA256=E2409187ECC7FE78BA908769BD5000B3A6C4697CD06C449B1696F83AD9A59B13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381542Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.855{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64D680E9E81EBB14AFAA2E4BF414FEFD,SHA256=D1413F855133370B5038A8F18346A2AFC6CA92B5587DC2A6A9A41123F18BFFCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381541Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.758{5EBD8912-8CD0-6151-2F00-00000000FD01}2544NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0fd64d26ae25a9a58\channels\health\respondent-20210927092018-1389MD5=418358CD28D1B50422280074BE968B1D,SHA256=C8286C1C0A91E4E2C2FF9D12E0FDD08F235EAD61265C1678C815B6AB5A1254BF,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381540Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:47.651{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-5044-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381539Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:47.537{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-20339-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001287454Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:48.320{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C5DAE63EFE8A80F58BEA7112D01005A9,SHA256=0AFD1E53126698A869AA51E831BB95C09F21EF0ADCA1B8CB9E489F91825E02CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381561Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.870{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36F91CCD95DDF3AFFDCFA52A00981DDF,SHA256=24F93C4F63E17265E418B164524B6960EA5194D2A686481CD9567801A4FD9BF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287458Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:49.867{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA75E241B4670725F8C9D6995C832710,SHA256=36868DB42004AEA2DE6737AE536115730FAE440FB096603FD87F76EAC25B2E05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287457Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:49.445{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=45DCE13773D09CE15E9F9B2CA542B4A2,SHA256=917AE9EE5DA9032C9215F085C75677CB9ED0B77D81B8A7192373AED6A20EA780,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287456Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:45.232{69CF5F33-7F29-614D-1D00-00000000FD01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61531-false10.0.1.12-8089- 23542300x80000000000000001381560Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.772{5EBD8912-8CD0-6151-2F00-00000000FD01}2544NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0fd64d26ae25a9a58\channels\health\surveyor-20210927092016-1390MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381559Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.943{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-10284-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381558Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.920{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-10170-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381557Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.897{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-10075-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381556Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.875{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-9932-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381555Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.840{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-9782-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381554Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.804{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-9709-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381553Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.803{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-29172-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381552Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.781{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-9633-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381551Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.765{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-28886-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381550Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.758{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-9539-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381549Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.735{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-9451-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381548Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.730{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-28727-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381547Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.705{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-28554-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381546Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.679{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-28364-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381545Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.653{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-28180-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381544Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.629{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.32-27870-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381543Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.393{5EBD8912-8CD0-6151-3000-00000000FD01}1956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-429.attackrange.local51266-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x80000000000000001381574Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:50.886{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5547DDAE10C5BF5F1C484F68DC8F2A4,SHA256=B52753F4C20CEEE07645B9F003774FEC6AAC14090E5C156601B53395B3AE5059,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287463Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:50.899{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D1C3328F99DE5074E74290AB0DF4B43,SHA256=84140554866EFB097ACA643264AE66A94C64CAE4BF29695DCF3F2CB1497CE7A7,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381573Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.243{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-11480-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381572Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.220{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-11406-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381571Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.198{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-11334-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381570Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.176{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-11253-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381569Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.153{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-11141-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381568Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.129{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-11046-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381567Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.107{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-10962-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381566Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.085{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-10890-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381565Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.062{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-10792-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381564Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.039{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-10628-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381563Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.001{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-10513-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381562Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:48.978{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-10373-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001287462Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:50.524{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=961B8D9D8823A75AE08F2266F9A0464B,SHA256=8BE64FFCDFE678A977AE0F26C33EDE33241A5BC85949C9EF6011348F2910C299,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287461Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:46.712{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-49956-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 354300x80000000000000001287460Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:46.406{69CF5F33-7F33-614D-6600-00000000FD01}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61532-false10.0.1.12-8000- 354300x80000000000000001287459Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:45.628{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-44576-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287465Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:51.945{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3D484668610C8CC19471C13CEAAF997,SHA256=3B18EDB25F3FEFCEC861B344A9F94F0C798D2381474B9B90F98AEDF1BFDBC727,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381582Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:51.923{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00415B8D42407E94A26CA9C9B64E489F,SHA256=40B9B1630FD65AF0299B1B2AE5E88FEB22481B032F91B8C2409E2B83A9C63B53,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381581Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.716{5EBD8912-8CA0-6151-0100-00000000FD01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:65e5:9cae:dd2b:361bwin-dc-429.attackrange.local51267-truefe80:0:0:0:65e5:9cae:dd2b:361bwin-dc-429.attackrange.local445microsoft-ds 354300x80000000000000001381580Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.716{5EBD8912-8CA0-6151-0100-00000000FD01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:65e5:9cae:dd2b:361bwin-dc-429.attackrange.local51267-truefe80:0:0:0:65e5:9cae:dd2b:361bwin-dc-429.attackrange.local445microsoft-ds 354300x80000000000000001381579Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.357{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-11909-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381578Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.334{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-11823-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381577Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.310{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-11749-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381576Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.288{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-11650-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 354300x80000000000000001381575Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:49.266{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.43.65-11569-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001287464Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:51.930{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AF4704B01058328F4427CEBC4F9316F5,SHA256=9976EC52FB15F7515A80BE5C9929381CCD705287968A875C8AAF5BE8EEA6CED9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381583Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:52.953{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10D6CCFE15297EBBA03E8E403809A728,SHA256=AD89A4DBEA7429C02E64C5DA03BAA757C63F4536840732B1D6FA8FCA35754A20,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287467Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:49.024{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-1849-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 354300x80000000000000001287466Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:47.818{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-54871-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001381585Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:53.983{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAD289929CAA0652AE7243DBA175382E,SHA256=EE98245695C514E1E7176A9F4B2D560500009F67E248CB5B8111E38015E34BFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287469Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:53.070{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E5FEF932C502173C22D26FB0C1C35FC0,SHA256=842E35029FF9013DAFDB07B1352C56146AC3EF1E21866DA43F755007FA30B5F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287468Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:53.039{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5423090249C4941340CDC36DB4DE2C6,SHA256=B35F328BA01579C986ED942800879B5C326BD2D3D5B09CD61E52BF6A3C48204F,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381584Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:52.030{5EBD8912-8CDC-6151-6E00-00000000FD01}2608C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-429.attackrange.local51268-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000001287472Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:54.414{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C182335585FE807DD431354FE13F4F9F,SHA256=2CCF752CA44F37EEFDFE0F8E928DE9CC7A5B70051D67F1CC608CB55B9BC9AA21,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287471Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:50.324{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-8116-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287470Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:54.055{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAA5AEA4F497BEAB135C3AF1DD397AB7,SHA256=BF788EF0FD46BFF29C0BE762D6E3601A8D806C0F87FE1B1D911DC614A12B9F59,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287476Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:51.547{69CF5F33-7F33-614D-6600-00000000FD01}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-542.attackrange.local61533-false10.0.1.12-8000- 354300x80000000000000001287475Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:51.443{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-13804-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287474Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:55.539{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1FC1EBE297AEAB2AE13A7385A459983D,SHA256=65F750496502082F6180737E99895F475B9262AF1F26B1529F3D46CC50424C71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287473Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:55.055{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3282F7BAFE86C328A7E878DBD687A587,SHA256=588F6B60D523E143339132913957289C571B49C83E7DAC90C284DBAE5C33E6D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381586Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:55.001{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4094E7950A6ED2172153B7B3C9D5904,SHA256=EE7C49DCDEC8768B3D58FD4F707B50692CD2C870163B768A71DD8B46D30D7D03,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381588Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:55.810{5EBD8912-8CC0-6151-0F00-00000000FD01}300C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse13.235.255.213ec2-13-235-255-213.ap-south-1.compute.amazonaws.com49310-false10.0.1.14win-dc-429.attackrange.local3389ms-wbt-server 23542300x80000000000000001381587Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:56.034{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1963BDD2BDB7BB75755266A1BE4248C6,SHA256=D5D0D5DE1DA3E89CDCD78CD42EDCD468C1925E5ACF4DE5B27F1F9F19013D3EEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287479Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:56.633{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CE02528C39B7F8B79BC915CFB49A04D9,SHA256=6A6D21A88FBD51AF80C1147BB18A5C28502E1DA58F3C7F9A6CDEC659BB58EB7A,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287478Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:52.801{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-20102-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287477Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:56.070{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C8CCFA72F044457910B15E08B7F5497,SHA256=07775DAFB95185D0C72F7ABEF085D5653AEC05B899EC35E1F3D66952B6237E71,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001381590Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:57.040{5EBD8912-8CDC-6151-6E00-00000000FD01}2608C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-429.attackrange.local51269-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000001381589Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:57.048{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=31E0352BEDBDBC7A4D15E68728673616,SHA256=3485254E4B33D49CDAEDF3E37816E0DAFE93EB32EDC49ADA6B1BAA3B5132E05E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287482Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:57.720{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1D8D05CD605696CF453BA450F1F2B73B,SHA256=B1D385B097107CF3D0AACB48475CB8D943C39167FA7225560B00A7F5E82A828C,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001287481Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:53.911{69CF5F33-7F28-614D-1000-00000000FD01}944C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse94.232.42.105-26031-false10.0.1.15win-host-542.attackrange.local3389ms-wbt-server 23542300x80000000000000001287480Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local-2021-09-28 09:05:57.086{69CF5F33-7F3A-614D-7000-00000000FD01}3160NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F5E6D232386E86A59C6E7B6856215B9,SHA256=A4CA71CB35926837B23C3B7E6B1C0E0472439F8B8CDE28E10A0EF7908184AF95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001381591Microsoft-Windows-Sysmon/Operationalwin-dc-429.attackrange.local-2021-09-28 09:05:58.097{5EBD8912-8CE3-6151-7700-00000000FD01}704NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3B30C7D45FB69445DEB794245C09995E,SHA256=BC26CFE0F82140F50E31BBA56F33DC93DF7E04C6511556B98201F0B5C6E3B195,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001287485Microsoft-Windows-Sysmon/Operationalwin-host-542.attackrange.local