23542300x800000000000000031864Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:40.434{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C568ABAE1AE073D61FFA5BF0DA213C5,SHA256=64936E302D44B1AEA0F0CD0344AB7A7A8375050F9FAE546857635E162354C041,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045285Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:40.076{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65DFF6AE6B47181C970A8A7427C87F37,SHA256=CAACA3237D41CC5FC9E317E3190C8CCBC6C30929213AB48303038FFDA92EC0B3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031865Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:41.450{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88616F34A18367E1DF3E9C245E28E948,SHA256=54F232B4E41C0D04A63B075CCCA42FAD8CF5479D393C0383A3AE6125E462C52D,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045287Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:39.627{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64273-false10.0.1.12-8000-
23542300x800000000000000045286Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:41.091{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=767324DD23807C9380CD6D4E7E6E3C6B,SHA256=3AB373C009E93F035672CEEAAB43E770693A2DF85845D7F7B6B1B3877443D317,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031867Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:42.466{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=169EC5283DCAD06B38557FEBA9726928,SHA256=67B994549192348BF2E135C7164E3979718D2A11FB853C724B1C465C6CC5AA15,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045290Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:40.544{82A15F94-348E-6112-0100-00000000E501}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64274-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local445microsoft-ds
354300x800000000000000045289Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:40.544{82A15F94-348E-6112-0100-00000000E501}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64274-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local445microsoft-ds
23542300x800000000000000045288Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:42.121{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A98EE9805A63709C79D98C8CD07C2F4,SHA256=0702DA5CD17A6C3E3EA2A8C8EF361933B764325F040F5E41753505268A11D159,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000031866Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:40.015{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51443-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000031868Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:43.482{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=057FE951608A36C299590ED14F201963,SHA256=9C537938BAF6DA41DB8D7CB2F2F4EE77D178A390FC7D4EBB64AB8E381973CDDD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045291Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:43.154{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29872DE0616B9682CFC8AFBF20E780A1,SHA256=FCCBF60B48B44C37386E693EA5482D3165957E08E4BCB90B1F830705C8DD7CAB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031869Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:44.497{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8263FE741F1FBBECB4D0F839EE8F5DAF,SHA256=1CA4284305B4D30C744E07F255ADA7488C6E6CEB317D437B487C9FEE00689B8B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045292Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:44.173{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CD94F1B7A8BF1375EB512B02F9E216A,SHA256=1F68FEFBD39D189384C632942C635881B96242DE68A76E07ACFD15AC2FABBEE1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031870Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:45.513{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3F1C0EB2A3ABE6056039539DE4D7EC8,SHA256=F53D0FE963EA1292CC8ECE1ABE42987B967D61B8D7129CE119C0AAB4B7EEE094,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045293Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:45.204{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32C86E6EA3542C3F646C1B67EA85D37E,SHA256=B870026B9B3D35DC6C686A285B5C485E2EEA8AA233523DBC67D64BDDFD96EC7F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031871Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:46.528{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A78B0F3685B8928BD24F09F1FFBEFF53,SHA256=74796DA35F574A320E6E22D099F02F3989A0E377ECF9B76368B463132AC65FB0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045294Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:46.289{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5FC553D6A6BB68176CBBDEB72A7CB980,SHA256=87EB99F3F0B9F9936DFED2F36D996C1F7C6FBB0235046BA550DC69E8A9B73AE0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031872Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:47.544{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7E7AEB00D9572AB2696B089CEDF36AE,SHA256=685F8F6DDF90FF862594D575B7955AC38B1A94F3E8E9AA18FC604B23EE230159,IMPHASH=00000000000000000000000000000000falsetrue
13241300x800000000000000045298Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-SetValue2021-08-10 10:41:47.372{82A15F94-34A4-6112-2C00-00000000E501}2928C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\80A749DD-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_80A749DD-0000-0000-0000-100000000000.XML
13241300x800000000000000045297Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-SetValue2021-08-10 10:41:47.372{82A15F94-34A4-6112-2C00-00000000E501}2928C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\9A7B1CBE-334F-49C9-89E1-93C4FD220585\Config SourceDWORD (0x00000001)
13241300x800000000000000045296Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-SetValue2021-08-10 10:41:47.372{82A15F94-34A4-6112-2C00-00000000E501}2928C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\9A7B1CBE-334F-49C9-89E1-93C4FD220585\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_9A7B1CBE-334F-49C9-89E1-93C4FD220585.XML
23542300x800000000000000045295Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:47.319{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE53DBFF431A20E581F9491FFBC0E8A9,SHA256=7E919CB38903C7B8CE09412E2C9E68411503C76EA00807E7DCE1478823C22965,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031874Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:48.546{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A68562BA8B2E8CD99D63BD1745FA84B4,SHA256=0CE0C156ECC9955987C0563E676F0AACD370A938E0E8A1F969F7751C0D89EB98,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045308Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:46.838{82A15F94-3491-6112-0B00-00000000E501}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64278-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local389ldap
354300x800000000000000045307Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:46.838{82A15F94-34A4-6112-2C00-00000000E501}2928C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64278-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local389ldap
354300x800000000000000045306Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:46.822{82A15F94-3491-6112-0B00-00000000E501}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64277-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local389ldap
354300x800000000000000045305Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:46.822{82A15F94-34A4-6112-2C00-00000000E501}2928C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64277-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local389ldap
354300x800000000000000045304Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:46.808{82A15F94-3493-6112-0D00-00000000E501}900C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64276-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local135epmap
354300x800000000000000045303Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:46.808{82A15F94-34A4-6112-2C00-00000000E501}2928C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64276-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local135epmap
23542300x800000000000000045302Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:48.403{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4B02E97255CFE73341C3C417E002EBDC,SHA256=A9E8813AE8446FE1276DEEAD1A1E6E0EED3AEA71723D341364525E72D92B2F03,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045301Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:48.403{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9FFCBD8B48F350D5450148ADB58CF475,SHA256=EE1F867FAA3F32AF1EE8981CAE765C39193C1BCB83F3D09B4FD1B3CC3AD90A52,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045300Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:48.329{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5654CF19CE5D74311A0F544DCCAB1BDD,SHA256=01A2E997CF817C5856AF43C6783CC46C5C48C13B78B2133409EE26AD61DD4517,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000031873Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:45.952{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51444-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
354300x800000000000000045299Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:45.555{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64275-false10.0.1.12-8000-
23542300x800000000000000031875Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:49.561{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D680218D77F8E0E21CF7294979B32E9,SHA256=4CD590A8C8A8DFB79FB21D60A34010123DC9B39EBA2FE872A56F1FED2DFA361C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045309Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:49.354{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32F3F385CF9A3011E3001435FCCD7CB2,SHA256=FC3902B4C4378B172F01CD06505303576A1C3F904677EC338E7CF52E46574481,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031876Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:50.561{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1626C738CDB0E59C450DF61BD63D3F1F,SHA256=B95DBE0734101C8114B62A70D2B8CA2397AC4618A4FAA4A6C4D67540F9F1A7EC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045313Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:50.386{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=336D15231DB780EA2463CF25DBC1473C,SHA256=A3873E75F375FD84AC013DF543743DF6DF328E7238109372B6322C5E28E377DD,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045312Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:50.002{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-3494-6112-1500-00000000E501}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045311Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:50.002{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-3494-6112-1500-00000000E501}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045310Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:50.002{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-3494-6112-1500-00000000E501}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000031877Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:51.577{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9932ECADCD3CE9B97DECA75B9C20D2E9,SHA256=AAED798DA1596F6C7A3C70B0B4F9C4B5AF43FBC0C914598FC13BD0426CBB7520,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045314Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:51.417{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A94FE683D13E794175D0C6C4E0A8EF4,SHA256=0C08202F320D811E20FB16242C067D626039D89D783034A8356E8BFDCC9238CF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031878Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:52.593{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=613A4F78F8B4C5585BF29EB5E2E95CBE,SHA256=F73162A7A3369E1D04CC0741FE8BDA60E80118B931CD863AEEDC23DB4FAF7B61,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045315Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:52.450{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EB952D53518A61F93DBD46C566A9F0D,SHA256=00A1D5E623FADB6BEE76D4BA5F29DDB5A99C832310D73830565882F656E46594,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031880Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:53.608{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AFAA7670D13F5F06F799923F66E1A20,SHA256=E4068B4FC6C56EF64EA43F921FFE641406D5111693C34B550CA067A810F453E6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045319Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:53.915{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4BEB46C227DC2951800351B17291E7D4,SHA256=F71727C6D7EDE77CF943F8492C15C6989C9FA28348AEFF6E0CB08F5D7C97732D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045318Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:53.915{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4B02E97255CFE73341C3C417E002EBDC,SHA256=A9E8813AE8446FE1276DEEAD1A1E6E0EED3AEA71723D341364525E72D92B2F03,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045317Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:53.468{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3B543581CF798D6907AF223A504A4B4B,SHA256=4B97A92623A9B36BDE6F652532A5C85181D84E61508A9F517235407BD494D25E,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000031879Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:51.970{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51445-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x800000000000000045316Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:53.000{82A15F94-3491-6112-0B00-00000000E501}6321008C:\Windows\system32\lsass.exe{82A15F94-348E-6112-0100-00000000E501}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e
23542300x800000000000000031881Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:54.608{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=67F8B762EC50395A96331DBA20E6E97A,SHA256=18847C3F6A7DFC78AC390AE25AA8D0743D8C5CEB63F1DE37E04BC932AF5C4668,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045333Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:54.484{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4ACB01172D8F60E0494CAABC9C90CD3B,SHA256=13F24C693526D166497A788162D4224CF1F237C440616A09F8F96E108FB6F570,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045332Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:52.441{82A15F94-3491-6112-0B00-00000000E501}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64285-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local49666-
354300x800000000000000045331Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:52.441{82A15F94-3494-6112-1400-00000000E501}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64285-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local49666-
354300x800000000000000045330Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:52.440{82A15F94-3493-6112-0D00-00000000E501}900C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64284-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local135epmap
354300x800000000000000045329Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:52.440{82A15F94-3494-6112-1400-00000000E501}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64284-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local135epmap
354300x800000000000000045328Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:52.351{82A15F94-3491-6112-0B00-00000000E501}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-15.attackrange.local64283-false10.0.1.14win-dc-15.attackrange.local389ldap
354300x800000000000000045327Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:52.351{82A15F94-3494-6112-1600-00000000E501}1288C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64283-false10.0.1.14win-dc-15.attackrange.local389ldap
354300x800000000000000045326Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:52.339{82A15F94-3491-6112-0B00-00000000E501}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64282-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local389ldap
354300x800000000000000045325Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:52.339{82A15F94-3494-6112-1600-00000000E501}1288C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64282-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local389ldap
354300x800000000000000045324Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:52.339{82A15F94-3491-6112-0B00-00000000E501}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64281-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local49666-
354300x800000000000000045323Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:52.338{82A15F94-3491-6112-0B00-00000000E501}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64281-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local49666-
354300x800000000000000045322Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:52.337{82A15F94-3493-6112-0D00-00000000E501}900C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64280-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local135epmap
354300x800000000000000045321Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:52.337{82A15F94-3491-6112-0B00-00000000E501}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64280-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local135epmap
354300x800000000000000045320Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:51.567{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64279-false10.0.1.12-8000-
23542300x800000000000000031882Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:55.624{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1419D7FA4224C6E5F05516F1EAAB7674,SHA256=2BDB00F47E9EA05770B5B948C487471C2491042A2ADD7CC41330383C5050B156,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045353Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.899{82A15F94-353A-6112-B500-00000000E501}14804460C:\Windows\system32\conhost.exe{82A15F94-57F3-6112-FB07-00000000E501}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045352Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.899{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045351Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.899{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045350Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.899{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045349Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.899{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045348Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.899{82A15F94-3491-6112-0500-00000000E501}420436C:\Windows\system32\csrss.exe{82A15F94-57F3-6112-FB07-00000000E501}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045347Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.899{82A15F94-353A-6112-B100-00000000E501}38084328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82A15F94-57F3-6112-FB07-00000000E501}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045346Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.900{82A15F94-57F3-6112-FB07-00000000E501}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82A15F94-3491-6112-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045345Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.498{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D829DD29F8FEE5083CDD6E249F836C2A,SHA256=EFC72F8C5FDBA801E844C66BBA23350FA61C770D0E542FFDCD89ED9651ED5FA2,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045344Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.383{82A15F94-57F3-6112-FA07-00000000E501}2968756C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045343Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.230{82A15F94-353A-6112-B500-00000000E501}14804460C:\Windows\system32\conhost.exe{82A15F94-57F3-6112-FA07-00000000E501}2968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045342Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.230{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045341Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.230{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045340Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.230{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045339Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.230{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045338Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.230{82A15F94-3491-6112-0500-00000000E501}4201700C:\Windows\system32\csrss.exe{82A15F94-57F3-6112-FA07-00000000E501}2968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045337Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.230{82A15F94-353A-6112-B100-00000000E501}38084328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82A15F94-57F3-6112-FA07-00000000E501}2968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045336Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:55.231{82A15F94-57F3-6112-FA07-00000000E501}2968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82A15F94-3491-6112-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000045335Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:52.444{82A15F94-348E-6112-0100-00000000E501}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64286-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local445microsoft-ds
354300x800000000000000045334Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:52.444{82A15F94-348E-6112-0100-00000000E501}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local64286-truefe80:0:0:0:4d93:4bc3:d9a9:7331win-dc-15.attackrange.local445microsoft-ds
23542300x800000000000000031883Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:56.624{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE35AB96AF2F30731A9F1E947B3A6A88,SHA256=ED976572F90F3F5596B97135CCF3E23D5BF5FEAE0574D04AC4B101D28F62A208,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045363Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:56.583{82A15F94-353A-6112-B500-00000000E501}14804460C:\Windows\system32\conhost.exe{82A15F94-57F4-6112-FC07-00000000E501}7064C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045362Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:56.583{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045361Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:56.583{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045360Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:56.583{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045359Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:56.583{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045358Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:56.583{82A15F94-3491-6112-0500-00000000E501}4201700C:\Windows\system32\csrss.exe{82A15F94-57F4-6112-FC07-00000000E501}7064C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045357Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:56.583{82A15F94-353A-6112-B100-00000000E501}38084328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82A15F94-57F4-6112-FC07-00000000E501}7064C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045356Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:56.584{82A15F94-57F4-6112-FC07-00000000E501}7064C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82A15F94-3491-6112-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045355Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:56.514{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=114EF722612260BEE0D6AD169B199811,SHA256=8344BD59F7DAFEBED47D56B3A12DC8DF027354EC184F3E6942F4D33EF1C6ACE0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045354Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:56.248{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4BEB46C227DC2951800351B17291E7D4,SHA256=F71727C6D7EDE77CF943F8492C15C6989C9FA28348AEFF6E0CB08F5D7C97732D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031884Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:57.639{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=648AEADB0590C8AACBAC363621895040,SHA256=4C938CD96609E41D2C7C8E9D0C3A6C37185531E8EE27F552B8510C531DBB709A,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045383Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.948{82A15F94-57F5-6112-FE07-00000000E501}48205572C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045382Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.782{82A15F94-353A-6112-B500-00000000E501}14804460C:\Windows\system32\conhost.exe{82A15F94-57F5-6112-FE07-00000000E501}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045381Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.782{82A15F94-3491-6112-0500-00000000E501}4201700C:\Windows\system32\csrss.exe{82A15F94-57F5-6112-FE07-00000000E501}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045380Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.782{82A15F94-353A-6112-B100-00000000E501}38084328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82A15F94-57F5-6112-FE07-00000000E501}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045379Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.782{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045378Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.782{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045377Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.782{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045376Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.782{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045375Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.784{82A15F94-57F5-6112-FE07-00000000E501}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82A15F94-3491-6112-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045374Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.598{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E366888337675B6E1CEAEA8B513ACC56,SHA256=C1356DD3D5CB5590DA4A69B2D481C0E31C81C7776BF96F80B3C7B3672CF0C10E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045373Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.551{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D80A65171532EFE1CED9E6CB2368BB11,SHA256=6A92FC5E50C12AD0CBDE8B675873F2EBF0AF6FCE019B6426F5F660B2E4D69DB9,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045372Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.429{82A15F94-57F5-6112-FD07-00000000E501}65201044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045371Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.282{82A15F94-353A-6112-B500-00000000E501}14804460C:\Windows\system32\conhost.exe{82A15F94-57F5-6112-FD07-00000000E501}6520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045370Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.282{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045369Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.282{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045368Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.282{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045367Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.282{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045366Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.282{82A15F94-3491-6112-0500-00000000E501}4201700C:\Windows\system32\csrss.exe{82A15F94-57F5-6112-FD07-00000000E501}6520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045365Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.282{82A15F94-353A-6112-B100-00000000E501}38084328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82A15F94-57F5-6112-FD07-00000000E501}6520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045364Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.283{82A15F94-57F5-6112-FD07-00000000E501}6520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{82A15F94-3491-6112-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045394Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:58.797{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D79D1F19F729AFDF3B56724493595F77,SHA256=2BC99F2EED5BD631BFD56A08ACB642C55CE9E879BA9E1AACB08E3ED23003B588,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045393Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:58.613{82A15F94-57F6-6112-FF07-00000000E501}1084104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000045392Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:58.566{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8015722E8228E21BEE5E997A588FAC17,SHA256=82A1F6F63E1F197631967F160FADCF8BEB1C5B0F7792B39EA524D1482A02AAE4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031885Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:58.655{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AFA70D6C4AF99D4A0DE148A9372E547,SHA256=3D43B37E1B581E70C1F30064E7C7C500A5E5D6DF816D989B5CAE84073210302D,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045391Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:58.466{82A15F94-353A-6112-B500-00000000E501}14804460C:\Windows\system32\conhost.exe{82A15F94-57F6-6112-FF07-00000000E501}1084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045390Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:58.466{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045389Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:58.466{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045388Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:58.466{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045387Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:58.466{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045386Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:58.466{82A15F94-3491-6112-0500-00000000E501}420532C:\Windows\system32\csrss.exe{82A15F94-57F6-6112-FF07-00000000E501}1084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045385Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:58.466{82A15F94-353A-6112-B100-00000000E501}38084328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82A15F94-57F6-6112-FF07-00000000E501}1084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045384Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:58.467{82A15F94-57F6-6112-FF07-00000000E501}1084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82A15F94-3491-6112-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000031887Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:57.954{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51446-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000031886Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:41:59.671{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=961C9ACF2A17F16302050FDD79D4020E,SHA256=B006B089060292314D2B1B4E683E9D5EE7CBD75A289F2E0F36EB2950BC56DCBD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045403Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:59.596{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8EC6FC35C11D3EF8ABC864FCCECD3EC4,SHA256=E0D3699DEF824F9488C123C42F0696BE77B50C09BA7EC089278E440A394CA3F8,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045402Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:59.148{82A15F94-353A-6112-B500-00000000E501}14804460C:\Windows\system32\conhost.exe{82A15F94-57F7-6112-0008-00000000E501}440C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045401Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:59.146{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045400Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:59.146{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045399Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:59.146{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045398Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:59.146{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045397Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:59.146{82A15F94-3491-6112-0500-00000000E501}420532C:\Windows\system32\csrss.exe{82A15F94-57F7-6112-0008-00000000E501}440C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045396Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:59.145{82A15F94-353A-6112-B100-00000000E501}38084328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82A15F94-57F7-6112-0008-00000000E501}440C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045395Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:59.144{82A15F94-57F7-6112-0008-00000000E501}440C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82A15F94-3491-6112-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000031888Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:00.686{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F75FBDCA2386F2C2F3A63DE4B735A0F8,SHA256=EA9E1C94240B3DF1C4A4DE65EF66A3F1E121891ABA89AD51B8C3BD6DD82B2C0A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045406Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:00.645{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AA6EAAC850B41432A9DA62190F9016F,SHA256=6A9BBD84C947AD8E3C50D8090BD9BFEEE5939E127DCE2385BA98D29C280206D9,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045405Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:41:57.501{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64287-false10.0.1.12-8000-
23542300x800000000000000045404Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:00.149{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=87BB040BFB6F98159B160B5F1CD61FA3,SHA256=7B2F2EF51026C4AB0FDD8B897CEE8CDCF04C47654A4711049497C5B48908D9D2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031889Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:01.702{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C8173DDFC6A75752C685DF4E1B89191,SHA256=E53515E2DB29F8DEB5A09C3A5B1D01E03488E32C345E61E42D5C006364BDB8FF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045407Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:01.664{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD523A1C25D7DE503E0EDF4DDE09865F,SHA256=B402E9C86E3571E1B50D7C2E3786840DF7C4786177129D2B32F5806EBD1862B0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045409Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:02.725{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE22CCD6B6E9AD68EBE691E903B46C2B,SHA256=B00BC7B62D8024F01F263B2B3EE3EA511C7D53A67F8D7E5D58D122E39B7F14B8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031890Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:02.718{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36904341D151F46AB1BAE7FA124CCB0E,SHA256=BBDB7679AD2CB39201A6D2CC23F7F6697287B377132A44974AB24BF5F607A254,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045408Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:02.026{82A15F94-3493-6112-1100-00000000E501}412NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=565167A061EAB3FE53C2035D64AFAC61,SHA256=05FE14DEC0CB0B76F4D3225EEA5AF186151D59A13E1B0EF1EBC118EC5DBB8C81,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031892Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:03.733{82855F7C-36F1-6112-9800-00000000E601}3912NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=2ADC5C3504B3C61C2CF52343BC9CBCEA,SHA256=DCE76430D502254FA177C54C66CE91E13AF1880F391810050FAE02682F8CC6CD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031891Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:03.733{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74F46DBFDD784DBF79337042A8C84A3D,SHA256=1798E4100DBE6C4BC4446CA1ECD5095236FC57D22A9D18F90AA25866EB0486F9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045410Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:03.743{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7CF356715D5743FF9DA3E5134737968,SHA256=1E70E06C72F3A76E2EC0CA2A9C0901E406AAD9B9347B72482424462EAF7DD97D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031893Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:04.764{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E5B08DAFD85B9D7AF7B33D3CA41CBDF,SHA256=1175892B1B0F456826FA870A7FD54391C17BD53FA3FC43C1C9E113862A9AA923,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045412Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:04.777{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E142267AFBF44535A6F520CD0FF0070B,SHA256=F3528829F53A5478606C52F9A523DDE9F27762CD3B27CE4014E778C5D0BD82EA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045411Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:04.761{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55F3F336B14D2F80C73D512C7A899980,SHA256=659ED04732CC81E6DEB7B875C0D8FFA332D248955BF45761D94CE4A03787B3F3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031896Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:05.764{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=716CBF8504D72738B04F378CD108B472,SHA256=FE1F3DDB6EDA718C216080454857A12A3C4B8E256203B1A8D95FBD41B77482C4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045414Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:05.776{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0185DD111A9543C5CC0BA438B3D14418,SHA256=342E2930827D65A2973C61C9478036DD84D1B639A7374FE30A08D03F66D17096,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000031895Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:03.938{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51448-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
354300x800000000000000031894Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:03.501{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51447-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
354300x800000000000000045413Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:02.698{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64288-false10.0.1.12-8000-
23542300x800000000000000045415Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:06.778{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=345FEFF301A3EEF4EDCD44744BC4F924,SHA256=E08C526E8460DABF3D7DDB31E2A88D0BB8048B9156FE2631894868DE701A99DC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031897Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:06.780{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB075146B732DF61989BC311DFBC3CAC,SHA256=EA8AC3A9A4B9B844AF91266C1CB4FDAC9829D560487CD960BC97823DE4E7E7BC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045416Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:07.808{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66007DA1414B879AA55F78B953CEE4FE,SHA256=BF19AAFC277AF6E0E8E561181076E86E21060F1BB9B17C443B495A92CF1F7F4C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031898Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:07.780{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81BAC5B96D7D06FF4EF7F6569EADDA48,SHA256=57C02F26CCD8716F92540A6E1540BA85321FBE8015F5EC33FFD39CFD74325F52,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031899Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:08.785{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFBDC0011C9C9D4311087BA58B89D59C,SHA256=203F63006192E99BF598F422BDA8908C8ECCCB3FDB2EDFD3B2B49FFBEFE8972C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045417Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:08.841{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1DCABD541E9D49B6797FF6DE17A8B4E8,SHA256=0627803A8CC91C63E1D8ABC41E9E1ECD298E54241C97E29B2809C7C875EFC71C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031900Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:09.800{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD0C2B5465930B47A9C2D0E29808AEED,SHA256=7CDDFCA970769F783DAE1F0161648151010000E3323F839386AB8CCC4CCB58E1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045418Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:09.860{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=866B055F085395CC85E0423112CBB648,SHA256=8489BC4FFBE1524EE1C7D480BFB42E9D0762DA9B83CBAEBAF191C2D7B6F21624,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031901Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:10.816{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D257D8419966448B60E40E251268200A,SHA256=3359302A96AE264961360BDFECBC5D086374D35F8702EF4BF61FF83D79348EA0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045420Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:10.890{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64F2E3525839268429C351FECF864584,SHA256=28773F4AB608D2877AA608DA434486C99D7E51DC5D8CDF70AEC439DD10A7A367,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045419Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:08.674{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64289-false10.0.1.12-8000-
23542300x800000000000000045421Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:11.921{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B3C91B9F309315C7212478A688D79B6,SHA256=676027D9688AFC52D7C6E1EE73568802E1E00569E55FD8441F717D4FD8FD6D9D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045422Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:12.958{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C469CF12F8F4395EA32AB06DDEBDFEF0,SHA256=FE5A161D5BE84D026241A883745CD377765F1BD03E5A6266D632F52CC7CA0108,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000031903Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:09.943{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51449-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000031902Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:12.035{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B4416994F92CD14EBB0E697ADEC4344,SHA256=B8FF030CDE338024D9BBD751E2F273E129FE6DF6AC7712A9ABA01A2F5A50077B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045423Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:13.973{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79F4F099EC1F5BFD4B757DFB5BA921B8,SHA256=27E30AECA9081F7DD3870123C70B29A8065C780C3EF3139D0BB47CBFE7DF4B26,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000031917Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:13.675{82855F7C-36F1-6112-9C00-00000000E601}40083632C:\Windows\system32\conhost.exe{82855F7C-5805-6112-7206-00000000E601}3888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031916Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:13.675{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031915Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:13.675{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031914Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:13.675{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031913Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:13.675{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031912Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:13.675{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031911Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:13.675{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031910Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:13.675{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031909Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:13.675{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031908Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:13.675{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031907Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:13.675{82855F7C-3680-6112-0500-00000000E601}396512C:\Windows\system32\csrss.exe{82855F7C-5805-6112-7206-00000000E601}3888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000031906Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:13.675{82855F7C-36F1-6112-9800-00000000E601}39123768C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82855F7C-5805-6112-7206-00000000E601}3888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000031905Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:13.676{82855F7C-5805-6112-7206-00000000E601}3888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82855F7C-3680-6112-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000031904Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:13.050{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF8563BB58742DB6373FA060F31056F1,SHA256=4AE4B692AAE18F542CE7BAA08CBDFEA3F9839EAEE20B56F474E43AECCB510763,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045424Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:14.976{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C8452D44807A9836656BEEFF816B2EF,SHA256=7E8FE6ABEB9E041EF60D64152A0D7B46A44B40588F4A1AE5029E613F73A773F8,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000031948Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.988{82855F7C-5806-6112-7406-00000000E601}3124960C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031947Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.832{82855F7C-36F1-6112-9C00-00000000E601}40083632C:\Windows\system32\conhost.exe{82855F7C-5806-6112-7406-00000000E601}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031946Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.832{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031945Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.832{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031944Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.832{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031943Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.832{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031942Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.832{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031941Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.832{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031940Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.832{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031939Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.832{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031938Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.832{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031937Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.832{82855F7C-3680-6112-0500-00000000E601}396412C:\Windows\system32\csrss.exe{82855F7C-5806-6112-7406-00000000E601}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000031936Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.832{82855F7C-36F1-6112-9800-00000000E601}39123768C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82855F7C-5806-6112-7406-00000000E601}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000031935Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.833{82855F7C-5806-6112-7406-00000000E601}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82855F7C-3680-6112-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000031934Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.753{82855F7C-3681-6112-1200-00000000E601}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=1DCF3CD541F404AD4C79876ECAE39047,SHA256=71581CCBCF33DE5F5A77C8F50409BF79323FC78E63399387DCF0EEA8E8CD0CFA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031933Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.691{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=509C22B6D4E8FC059C07791B821B0477,SHA256=B5201A3F23A3E2095C81E00CA72F98F11AF861C9D3357B78CC20136F95C00AD0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031932Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.691{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1CACAD8A3A9C6A152FA11D8830866237,SHA256=9C2A2037FB277260428A5A9CC325B6B1F008EC254F04316E624D09142CA09ED0,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000031931Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.175{82855F7C-36F1-6112-9C00-00000000E601}40083632C:\Windows\system32\conhost.exe{82855F7C-5806-6112-7306-00000000E601}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031930Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.175{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031929Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.175{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031928Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.175{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031927Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.175{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031926Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.175{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031925Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.175{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031924Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.175{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031923Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.175{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031922Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.175{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031921Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.175{82855F7C-3680-6112-0500-00000000E601}396412C:\Windows\system32\csrss.exe{82855F7C-5806-6112-7306-00000000E601}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000031920Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.175{82855F7C-36F1-6112-9800-00000000E601}39123768C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82855F7C-5806-6112-7306-00000000E601}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000031919Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.177{82855F7C-5806-6112-7306-00000000E601}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82855F7C-3680-6112-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000031918Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.066{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F699A3C8714B753B1235D989BB1ADB8,SHA256=F2A88265844D2E32FF1E001297D15D3D665E4744EF8074B305BD3250C59B387B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045425Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:15.991{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E11734243F9B8629B69F8F7CE849C877,SHA256=0856AFD2B264436F2EC0EC1A59476E622A203AD84FA22FE75A32F203A7DB799F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031950Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:15.847{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=509C22B6D4E8FC059C07791B821B0477,SHA256=B5201A3F23A3E2095C81E00CA72F98F11AF861C9D3357B78CC20136F95C00AD0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031949Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:15.191{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F865168E099C5138F30364D349C34EA7,SHA256=3CF593392488838EAF31A179FAC7B947E8DCDAF8DC8811173CEDB199455BCA16,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000031980Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.863{82855F7C-5808-6112-7606-00000000E601}8842192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031979Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.691{82855F7C-36F1-6112-9C00-00000000E601}40083632C:\Windows\system32\conhost.exe{82855F7C-5808-6112-7606-00000000E601}884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031978Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.691{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031977Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.691{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031976Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.691{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031975Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.691{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031974Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.691{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031973Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.691{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031972Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.691{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031971Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.691{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031970Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.691{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031969Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.691{82855F7C-3680-6112-0500-00000000E601}396412C:\Windows\system32\csrss.exe{82855F7C-5808-6112-7606-00000000E601}884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000031968Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.691{82855F7C-36F1-6112-9800-00000000E601}39123768C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82855F7C-5808-6112-7606-00000000E601}884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000031967Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.692{82855F7C-5808-6112-7606-00000000E601}884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82855F7C-3680-6112-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000031966Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:14.959{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51450-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000031965Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.207{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5FBE2A016344FF55682A94490BE50287,SHA256=FC263DFA34B27B3E1C9F15460C1F047B9A7B5ED8CF75F740E6D362C5AF338716,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000031964Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.160{82855F7C-5808-6112-7506-00000000E601}20082588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031963Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.019{82855F7C-36F1-6112-9C00-00000000E601}40083632C:\Windows\system32\conhost.exe{82855F7C-5808-6112-7506-00000000E601}2008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031962Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.019{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031961Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.019{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031960Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.019{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031959Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.019{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031958Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.019{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031957Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.019{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031956Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.019{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031955Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.019{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031954Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.019{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031953Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.019{82855F7C-3680-6112-0500-00000000E601}396984C:\Windows\system32\csrss.exe{82855F7C-5808-6112-7506-00000000E601}2008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000031952Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.019{82855F7C-36F1-6112-9800-00000000E601}39123768C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82855F7C-5808-6112-7506-00000000E601}2008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000031951Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:16.020{82855F7C-5808-6112-7506-00000000E601}2008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{82855F7C-3680-6112-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000031996Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:17.535{82855F7C-5809-6112-7706-00000000E601}2460800C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031995Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:17.363{82855F7C-36F1-6112-9C00-00000000E601}40083632C:\Windows\system32\conhost.exe{82855F7C-5809-6112-7706-00000000E601}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031994Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:17.363{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031993Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:17.363{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031992Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:17.363{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031991Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:17.363{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031990Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:17.363{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031989Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:17.363{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031988Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:17.363{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031987Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:17.363{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031986Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:17.363{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031985Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:17.363{82855F7C-3680-6112-0500-00000000E601}396984C:\Windows\system32\csrss.exe{82855F7C-5809-6112-7706-00000000E601}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000031984Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:17.363{82855F7C-36F1-6112-9800-00000000E601}39123768C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82855F7C-5809-6112-7706-00000000E601}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000031983Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:17.364{82855F7C-5809-6112-7706-00000000E601}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82855F7C-3680-6112-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000031982Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:17.253{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09A3235940C7BC53B37E783506C64DE3,SHA256=A40ECA2451B37880D6398C12560DF4ACECC062FC733BE30F8B5DCE618445C813,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045427Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:14.673{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64290-false10.0.1.12-8000-
23542300x800000000000000045426Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:17.005{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA17E40E038EF074609D74CF842D2732,SHA256=A1B435E697A169CE9F343DBBB26BB8E584DDADA417E8BF2A409FEB209484D230,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000031981Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:17.035{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D5043577B7238D21AFA8BB208AE2BEC6,SHA256=8F38B1E68F44C114ACE8CCBA298050ADDDD621BFC6C0B3DF0B06F99C1EF5DE4D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032011Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:18.613{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F09944884806946FE25785F374F20F1,SHA256=ECD444526A89061FDF9E52B20732D8D5A9950116363B8581B423AAC3683FA02D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032010Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:18.613{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EB10A5BA7340BE21206D0EDCBF22B81E,SHA256=8A1C627207A8199EFCF2471CCFA7075CD8F58DEB048CF909C6F7E935B872909D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045433Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:18.542{82A15F94-3D89-6112-C804-00000000E501}6460ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vqb9vyz9.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045432Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:18.489{82A15F94-3D89-6112-C804-00000000E501}64606380C:\Program Files\Mozilla Firefox\firefox.exe{82A15F94-3D8C-6112-CD04-00000000E501}6248C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1befe1|C:\Program Files\Mozilla Firefox\xul.dll+a1c74f|C:\Program Files\Mozilla Firefox\xul.dll+240e608|C:\Program Files\Mozilla Firefox\xul.dll+22cf131|C:\Program Files\Mozilla Firefox\xul.dll+22cb14a|C:\Program Files\Mozilla Firefox\xul.dll+2efb550|C:\Program Files\Mozilla Firefox\xul.dll+2f150da|C:\Program Files\Mozilla Firefox\xul.dll+2ef4929|C:\Program Files\Mozilla Firefox\xul.dll+2ef4645|C:\Program Files\Mozilla Firefox\xul.dll+2ef81eb|C:\Program Files\Mozilla Firefox\xul.dll+2f102bd|C:\Program Files\Mozilla Firefox\xul.dll+2f1c528|C:\Program Files\Mozilla Firefox\xul.dll+2f1b924|C:\Program Files\Mozilla Firefox\xul.dll+2eff0f0|C:\Program Files\Mozilla Firefox\xul.dll+166a881|C:\Program Files\Mozilla Firefox\xul.dll+166937a|C:\Program Files\Mozilla Firefox\xul.dll+a1516f|C:\Program Files\Mozilla Firefox\xul.dll+26c7e|C:\Program Files\Mozilla Firefox\xul.dll+8dd9e7|C:\Program Files\Mozilla Firefox\nss3.dll+754ed|C:\Program Files\Mozilla Firefox\nss3.dll+8d281|C:\Windows\System32\ucrtbase.dll+1fb80
10341000x800000000000000045431Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:18.489{82A15F94-3D89-6112-C804-00000000E501}64606380C:\Program Files\Mozilla Firefox\firefox.exe{82A15F94-3D8C-6112-CD04-00000000E501}6248C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1befe1|C:\Program Files\Mozilla Firefox\xul.dll+a1c74f|C:\Program Files\Mozilla Firefox\xul.dll+240e608|C:\Program Files\Mozilla Firefox\xul.dll+22cf131|C:\Program Files\Mozilla Firefox\xul.dll+22cb14a|C:\Program Files\Mozilla Firefox\xul.dll+2efb550|C:\Program Files\Mozilla Firefox\xul.dll+2f150da|C:\Program Files\Mozilla Firefox\xul.dll+2ef4929|C:\Program Files\Mozilla Firefox\xul.dll+2ef4645|C:\Program Files\Mozilla Firefox\xul.dll+2ef81eb|C:\Program Files\Mozilla Firefox\xul.dll+2f102bd|C:\Program Files\Mozilla Firefox\xul.dll+2f1c528|C:\Program Files\Mozilla Firefox\xul.dll+2f1b924|C:\Program Files\Mozilla Firefox\xul.dll+2eff0f0|C:\Program Files\Mozilla Firefox\xul.dll+166a881|C:\Program Files\Mozilla Firefox\xul.dll+166937a|C:\Program Files\Mozilla Firefox\xul.dll+a1516f|C:\Program Files\Mozilla Firefox\xul.dll+26c7e|C:\Program Files\Mozilla Firefox\xul.dll+8dd9e7|C:\Program Files\Mozilla Firefox\nss3.dll+754ed|C:\Program Files\Mozilla Firefox\nss3.dll+8d281|C:\Windows\System32\ucrtbase.dll+1fb80
18141800x800000000000000045430Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-ConnectPipe2021-08-10 10:42:18.489{82A15F94-3D89-6112-C804-00000000E501}6460\chrome.6248.55.10684561C:\Program Files\Mozilla Firefox\firefox.exe
17141700x800000000000000045429Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-CreatePipe2021-08-10 10:42:18.489{82A15F94-3D8C-6112-CD04-00000000E501}6248\chrome.6248.55.10684561C:\Program Files\Mozilla Firefox\firefox.exe
23542300x800000000000000045428Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:18.020{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDC9A65B9B61644B95E829ADF4DB62DA,SHA256=9B865530CBDECBEFEC1415F7675DE08B7227F746C48C9FCD21305CEF56E04235,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000032009Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:18.035{82855F7C-36F1-6112-9C00-00000000E601}40083632C:\Windows\system32\conhost.exe{82855F7C-580A-6112-7806-00000000E601}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032008Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:18.035{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032007Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:18.035{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032006Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:18.035{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032005Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:18.035{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032004Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:18.035{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032003Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:18.035{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032002Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:18.035{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032001Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:18.035{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032000Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:18.035{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000031999Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:18.035{82855F7C-3680-6112-0500-00000000E601}396984C:\Windows\system32\csrss.exe{82855F7C-580A-6112-7806-00000000E601}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000031998Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:18.035{82855F7C-36F1-6112-9800-00000000E601}39123768C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82855F7C-580A-6112-7806-00000000E601}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000031997Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:18.035{82855F7C-580A-6112-7806-00000000E601}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82855F7C-3680-6112-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000032012Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:19.628{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F173B9034A73D9DA5735698FD28016E,SHA256=36867198913FBD2F0BDC69723C4181A6C4931F03DC32E6FF6781487C96ABBCCD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045434Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:19.021{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D433BDA085ACC1814437C7EF95BA2CF,SHA256=DC617BA7CC6F4429AAA89715F1C5435EC6CAF966B050DD05F3A6D4619515C46A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032013Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:20.660{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7A79C7B305AE55D69B8229202DC9B4B,SHA256=0F18A51F8D40E34836F40A881305DF67B6952D7876640E8855469885F36BFF9C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045435Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:20.074{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEB94C1AD1EC02CE803B33D952845519,SHA256=7620E9403A0A744AAD297BD57BAA78A8C72B00F5F24E2E7109673C8597E92951,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032014Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:21.769{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7816BBAF9866EF96D98A7F1992D663B9,SHA256=B97D8B0D9B89D99D57F30549E27B332C87B5BAFD30A273EB574D5AA4F6C2C1C4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045436Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:21.089{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E013A5C81F7E140C9BC1C8506B57341,SHA256=1FAF539AD228EA43DD7E0388EA43AEC2A40D31C346F0F1F8B7D10E764878EBAB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032016Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:22.800{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB9E8D01B77511F3768B0E5A19D31E55,SHA256=B287D25DCB9C2452F8672576CB4C02C19E81FAD84967A328950F380E9CE3A071,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045438Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:20.456{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64291-false10.0.1.12-8000-
23542300x800000000000000045437Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:22.120{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25BB4254ABDCC908B5253D49E727EF12,SHA256=78753C376001C6E557656DA56B2B2520A46158C552C90D9D102DD84513F699D2,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000032015Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:20.880{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51451-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000032017Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:23.832{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73CCECEFA74466707B67A548926834D6,SHA256=5D08B09B438B1F3A83EE01CA63B4FA012FD5A47C87CBE3E1BA42985A80EB9B61,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045439Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:23.120{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70284DAF6AAF423D4968779091A5EE43,SHA256=2CF5D539D93D6BF6D7574878635D626D9CE5D253A9536F0BEA124EFBE77C3AD2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032018Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:24.863{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC881A08027D64C3B8C446DFD4A1B642,SHA256=7D5FC79A0CC0E4D3CFE3C74D734117D886CE5A15E13142BBAD5990F906C88E19,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045440Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:24.120{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=981DA3B81CE11C19C08F8DD8B55CD34E,SHA256=F192394DEA17C30725C0A3E0D247172399750606BBC0E882D33738B831F1EA2E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032019Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:25.878{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=120A0E9788DCB40EE3D1DA4574612CC1,SHA256=DA5DF135F2151559D83B341CDC13AD3774D6C71812350F3D426DD5086D6D968C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045441Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:25.137{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=780F5107E6F518939415C4EB289538EF,SHA256=30346003EB0E361203406ED7DC84E39E9E231E1E32D2C85CF288DDD35C1EA8AF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032020Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:26.879{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FDBA090AFAC6692C53C92F02FB2153BB,SHA256=ACCD0891549796DCD7498F69252EDC184E9F121E32E2CBC3A5FD2852FDD7FB4A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045442Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:26.156{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F71339F06D96F2952D79622A447A050,SHA256=28441B0E3C6CBA1C1FFE547BF7761038DB37CFE5629B2F0443B8277DCEF727BC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032021Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:27.941{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B368C647428D25262AFB0472BAD1FB0D,SHA256=541585C8F8C8D000A57D5279E5700D0572766499486C8B4A63AED9C7D97078F9,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045444Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:25.591{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64292-false10.0.1.12-8000-
23542300x800000000000000045443Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:27.186{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EB6172D031850F127BC9500C0334BF9,SHA256=0FAB85D6F5A2A4A7496C8A6AFD76F4EF56C1B5DE865A1D28F1AC42824D47221D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032023Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:28.993{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E7A0CEEB6E28064BABA6469938E5DAC,SHA256=CD01EC49115055079A78ACD79FED86BE2748BC38FD8B263B02340A23401BC2A7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045445Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:28.201{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49DCC709661328EF3A0E0839D1D83D36,SHA256=C2EFC7C27763444142475A988D8381F163383D82E9BAFDF139F5DAB0172EB51C,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000032022Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:26.865{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51452-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000045446Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:29.216{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4690574327DC13CB1B67F5E34E833AF9,SHA256=DF03C1DA7F3DEE4209D9ED6295E6B1F3F875629DD7C2AD86BB9ACE22422CBA95,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045448Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:30.568{82A15F94-3D89-6112-C804-00000000E501}6460ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vqb9vyz9.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045447Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:30.233{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0588C622938F5B59CCE6B4EBDA772074,SHA256=BF0D1BFB30B2EFE03FFD33786385B3CEEA85F15CD3F4A04230BDB45D54135EF1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032024Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:30.024{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3957EFEDB51CA8704F12497106A6D9A,SHA256=43829141EE10A7760E2C106B934C5CA053FE05AD4CC511B77A546042634CE3E4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032025Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:31.055{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79C522FE98DD95CD133ABB9F9330DFC2,SHA256=62AB4E144CBB23BCF1AC7D807701876FD8166EA547EE7FE302A9D4C1E8669B0D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045449Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:31.252{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF4567A2A04C064902622D210205986B,SHA256=CE66122FFA48EC98BB753843DBD9CC996739F04CC62F43365734E5234E7943E4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032026Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:32.071{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9B4E9B73170BE44DD72BD95A1688E6B,SHA256=1CCE8D4057254871E9EC551C688DD05B4A3BD1986247886698B8507D07816532,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045453Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:30.603{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64293-false10.0.1.12-8000-
23542300x800000000000000045452Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:32.882{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5189497DC2AE22D48C7D9741BBDF277B,SHA256=12621CED297D00CC51F1091A26B94CF5DFC35D5D972E2C0F4402EDAA15199A13,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045451Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:32.882{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E26F7CA2BD956A050FF16695A1ACEBAF,SHA256=6572CD922A53686D7F35240D997B3E0D341B85124DCCDDBA51D1A9B3466B6255,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045450Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:32.267{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F3C4208C61566C79CCFBC529B9D3132,SHA256=BAA3C3EAB81D25B803283551846887D79A2A63E2EA31E5FCA7E60E0C7C5FE50C,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045457Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:31.287{82A15F94-3491-6112-0B00-00000000E501}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-15.attackrange.local64294-true0:0:0:0:0:0:0:1win-dc-15.attackrange.local389ldap
354300x800000000000000045456Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:31.287{82A15F94-34A4-6112-2600-00000000E501}2852C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-15.attackrange.local64294-true0:0:0:0:0:0:0:1win-dc-15.attackrange.local389ldap
23542300x800000000000000045455Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:33.366{82A15F94-353A-6112-B100-00000000E501}3808NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=2ADC5C3504B3C61C2CF52343BC9CBCEA,SHA256=DCE76430D502254FA177C54C66CE91E13AF1880F391810050FAE02682F8CC6CD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045454Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:33.282{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D8DB44C181BA9FCE54DD4AAA0E6C0C6,SHA256=98469F1F1126C3F4D22776AE82B8DE3662BD3EADFA584FBF6E26E84B02506871,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032027Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:33.086{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B7D0B4576FB2B330B299B7FD7ABA0A22,SHA256=40E0EAB4078DC0C7AD6F2AB0CFE360B08204AF2A87D912FEDF9BB20C4ED8757E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045458Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:34.331{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD554DD0A282FAC0E3FD905BC97B6B16,SHA256=CE79AF0D7C1B0B24352B70F6382582E5E31ACE225A514153E2E4535939B15C87,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000032029Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:32.901{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51453-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000032028Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:34.089{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E26CD1841277EE093B20EADA5A80820,SHA256=7E8433F8985A08887B608C61D4728C09E426C31B42D5A42D081BC9203FE86BCF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045459Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:35.350{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CE61840569C760F4122092892FC9AE5,SHA256=527EC5358673DAAA5C6B955D4ECD036DD34E802DBE09F59411D2386559FFC256,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032030Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:35.102{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2028552AA5A30072DA9835689CB316E4,SHA256=9E66D273ABCE88C7167BF34294D7043944B723946979EC9732005D6DB873EF8A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045461Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:36.365{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=037F8F2CED1220D0E05E36C2403A7581,SHA256=A7F4A103EE18F6CC1C00610EE7892B1FCBDF193C52080BD5146394317B9C00CC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032031Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:36.118{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE739CA51F7A519239AA447B8F7CC27B,SHA256=2903797E9CF06A0D4969257C7784FA6D33041E3285347B4AF011C98E6D908BC1,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045460Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:32.786{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64295-false10.0.1.12-8089-
23542300x800000000000000045462Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:37.379{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A066D928C763CF9DFB5D1B288AE7313C,SHA256=337E06E09AAF3622E20060AF4F815995E35B21E19D8090CA0F659B73DFFFDCAC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032032Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:37.133{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7CD3DE7F89D3CFF4681F9C40D73E701,SHA256=72FC5FDD80D6FAC75E142979A2DCC048A6C7D3866E90D750B804623A0EA59BDF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045463Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:38.380{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE2BDAAEE9B63796B1834C894BDC82F3,SHA256=EA6187752F2442509DC35657F33822F11C537C1491B51BE063ACE2071315A5E6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032033Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:38.138{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=201650B241DE2A053086C84F918616B4,SHA256=B13AC551848C3505D50FF6693F8EB5B119481CFEEE9DE4C2D752081D16D78DE8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045465Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:39.410{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E384728B010A987A604497E019F78E7,SHA256=E02038A1A5046B71E3725CB34E1E4E4E6EDDDF2EA36ECF00B50D5DC6B22E53D6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032034Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:39.151{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=487A145F3F111474AC6607C6D0C8DAF7,SHA256=E0D3EC7076B4D75F5A01305FF1EE2EE73BB0186CE485D2DE77A6A95FE2A667A1,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045464Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:36.562{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64296-false10.0.1.12-8000-
23542300x800000000000000045466Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:40.429{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16BBA078CFEB6DA4FC21BE6D2B233D4E,SHA256=4C6D4A963A5D33D206132DF8F949296FC5100D3038F563469E490DAE64D9CF67,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032035Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:40.165{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4DC281708249700DC910C6AEC917CCB7,SHA256=066D8A7C2CC7F20A509836A48C115499DC41DCBF4A4DED01481B80E6B2B79AD2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045467Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:41.447{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF20668315DD78B4CF3A7662ACE2EC0D,SHA256=7B4B9E68CC8D9A010D796B62E8056B8916418CB9BECF53A213636F1828437319,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032037Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:41.181{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6230E12427524816F412813D61A3715,SHA256=49254B99C383200FE8CE4249D195C572E9C7ACB9C59B0212B8F9B1066A915D3C,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000032036Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:38.871{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51454-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000045468Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:42.450{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B21C6A869A0F7790C2702E9AB3631BB6,SHA256=BDF402A94DB327AF2CFA8DFE5B2F5395C38363FCC68251498DF1E157E3E4D46E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032038Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:42.181{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FB8ECE4F72F58CA7EA7ADA5382E50A2,SHA256=600EF83D1E3B0CDFE66AEED9B32E781FDD5858E6FD2CB939D2F43D9D3C9643AE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045469Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:43.465{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=579902265171A3C0BD03DCD1D16A7389,SHA256=385E05AE9CF0C86C99EC5A5B7F155BBF8E53F40BCED3B831B2734E3381298E0A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032039Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:43.197{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0CE8E9F6C6EED2C570EDFC818AB48B23,SHA256=B3A67BF168E13F0A8027AA58F41A1F2BBB511B0234DFF98DB07DC60E97F6FB3C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045470Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:44.469{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B95C56D84CD4FED19777AD76944D67EA,SHA256=F0825C7C4779E05389BA37B0ABCBF8BF94BB48F8ABCB2A93A2E263FBC7A09ADA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032040Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:44.197{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=582EFA8B223F4A7396559F4B1518565E,SHA256=677A43792402F644B25BFFD1E51214F11B7D47DC8021A3D6749D6664F05A507D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045472Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:45.483{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8F240F8D6515CDD541AEA612841D22E,SHA256=8BE2601CD8E6EFE35F6BE1A5E8EA0A33B6AEF951D1FF28BC0EC6C46A9FC01C23,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032041Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:45.212{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA8DDCEE0710DD79E4CA074006CE0A0C,SHA256=DEC39CAA9444A240A22EC432C5E9871C40DE1544F06C8E2B7B8336D45484455A,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045471Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:42.517{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64297-false10.0.1.12-8000-
23542300x800000000000000045473Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:46.498{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=065162961F11269404967325D0744F86,SHA256=B26CDD362960617F511613D1ED3C6FD2DAE88A79F24ED61C4DEA7829589752E0,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000032043Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:44.042{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51455-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000032042Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:46.228{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9E9D998AA4A68E4147966E2C1EA5DCC,SHA256=0288FF9D6B74EAB0CD3E360FE250583B6148DF7EB0E830A4F9B44A9884C17781,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045474Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:47.513{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A5F87869A050344BA66747EF6D7BF3C,SHA256=B40FC791D529C75388D961C4673F3CFE42E896099DF3D16569CB97AE53F58A0D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032044Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:47.243{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00D166DCCDBA175FE84EFE37A8F21DBB,SHA256=0F01165CBC476306DB8FF4E2F6ABA6F387D94FF9938F5AC1AB80CE6C778F5562,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045475Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:48.532{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A39EB077B9A8863A6246AF36F1592AB7,SHA256=44FF97A1D6310E23053B0D3ECCC26378416F6337878989020DD76BCFAFFFAFC3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032045Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:48.259{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2483002C810C94603D4D244BDAB76DDC,SHA256=4F2F188CF3F2552B46181DDD8DBE443F9B5F1791BAB44CF3598A5445C9EC9B4C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045476Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:49.596{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D0D03EB6B887463B29513470C96743A,SHA256=3A42F029FD36DCBC8227616B8ECF1B7B2C11F8FDE683DA7A9B3B34B1A87B8EFA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032046Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:49.272{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B4ADDF981128448F9479FE445C9C68B,SHA256=CA6DA3CC864FA9993D7627DE6A64C09942DF549B627B386978488821EB2B0033,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045479Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:50.596{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=271B57E75CAEA5FDD5FAAA657852C461,SHA256=9609D6F4BDB3C37105D8983714CC0A057E590B6AAB7600149CAF56C7A2C0AF26,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032047Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:50.288{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4BB68097CE1FD16EFE9A121DFE32546,SHA256=39272CB4D5CADB0E2F7DD5328C49EBA191E37626B504955FA94F293372329227,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045478Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:47.601{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64298-false10.0.1.12-8000-
23542300x800000000000000045477Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:50.149{82A15F94-3DE5-6112-D804-00000000E501}5632ATTACKRANGE\AdministratorC:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exeC:\Users\Administrator\AppData\Local\Microsoft_Corporation\PowerShell_ISE.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\5632.xml~RF8b1a98.TMPMD5=98D337AE5290E897B55C45A1E233320E,SHA256=AF7E2A4CE72342DD3A7EAE18801CDB1C6819994A4573C77DB257BDABE8CE6FD1,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045483Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:51.980{82A15F94-3493-6112-0D00-00000000E501}9005108C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2B00-00000000E501}2912C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045482Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:51.980{82A15F94-3493-6112-0D00-00000000E501}9005108C:\Windows\system32\svchost.exe{82A15F94-3D89-6112-C804-00000000E501}6460C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045481Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:51.980{82A15F94-3493-6112-0D00-00000000E501}9005108C:\Windows\system32\svchost.exe{82A15F94-3D89-6112-C804-00000000E501}6460C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000045480Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:51.611{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DCE80267C771E68318493EDEAC293E1,SHA256=3157789636F63B4F664E581C32B92E49CA8A703EE609FEBD827A4C4C66043797,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000032049Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:50.024{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51456-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000032048Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:51.304{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F3788306D9A5F605BC16C73A01DF4CB,SHA256=E00583C4C058F506149E7A302C9D17F4002DC09325A63D872A1347CDE04545EB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045484Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:52.630{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33615C89452ADD1F1CA4EE04EA91EAED,SHA256=2B803F8F95BC723E4F7860E2E0C3D516E715654A8FA13CFAB7BF453EAAF09DDE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032050Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:52.319{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9BE558C448FB1A358763FAB9F6F45D3B,SHA256=03D06017F0DFB77F4D91A5C17AE36B3E5C0605B10BBCD03FF2CB120E7ADD8AA4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032051Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:53.335{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41BF82ABCA0347EE90E98D1C38FC4547,SHA256=4B5F4139E114A0DEAC773B8CAC33625A62C292C06D872E012B8A1FD394CB6216,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045485Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:53.663{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DDB49614A51919108489D244DA35DF7,SHA256=601243BB33AFA9A7DD9A0BCD73ED5F1F820B41D6D0D08E5ABDC56DBA18B0DF99,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045486Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:54.694{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=076CA7600B2F2F178C67A434160DE570,SHA256=D6F69BBEA7B5C4E6A72AA971A2A6BDB39B49A7DC9059C20B84B3ACF30E93CC50,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032052Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:54.350{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=431F1C530C58B8602A01FF895B2C46A1,SHA256=9A3A4496E506AFE45939542797FEE58F5026003FD2B199BD1DD365B96B6F3F69,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045504Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:55.908{82A15F94-353A-6112-B500-00000000E501}14804460C:\Windows\system32\conhost.exe{82A15F94-582F-6112-0208-00000000E501}5448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045503Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:55.908{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045502Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:55.908{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045501Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:55.908{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045500Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:55.908{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045499Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:55.908{82A15F94-3491-6112-0500-00000000E501}420436C:\Windows\system32\csrss.exe{82A15F94-582F-6112-0208-00000000E501}5448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045498Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:55.908{82A15F94-353A-6112-B100-00000000E501}38084328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82A15F94-582F-6112-0208-00000000E501}5448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045497Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:55.910{82A15F94-582F-6112-0208-00000000E501}5448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82A15F94-3491-6112-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045496Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:55.746{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE271BD1519A0259E7F7E216BF115670,SHA256=1863FFAB2E2ADB38AE7BFBEE2C08568437B11788F6B7950B27FF95FB1551B7C1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032053Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:55.366{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BFD50086955D1CC6DE0104284FF55C6,SHA256=1431B12654815409E5FA0DDD3D40CACD7EFE4FCD1DE00F53295A4C03A3B38B3D,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045495Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:53.614{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64299-false10.0.1.12-8000-
10341000x800000000000000045494Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:55.246{82A15F94-353A-6112-B500-00000000E501}14804460C:\Windows\system32\conhost.exe{82A15F94-582F-6112-0108-00000000E501}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045493Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:55.246{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045492Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:55.246{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045491Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:55.246{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045490Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:55.246{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045489Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:55.246{82A15F94-3491-6112-0500-00000000E501}4201700C:\Windows\system32\csrss.exe{82A15F94-582F-6112-0108-00000000E501}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045488Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:55.246{82A15F94-353A-6112-B100-00000000E501}38084328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82A15F94-582F-6112-0108-00000000E501}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045487Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:55.247{82A15F94-582F-6112-0108-00000000E501}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82A15F94-3491-6112-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045516Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:56.776{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82BE119ABF92C352817C29CCD873BFC7,SHA256=CC11E0E82BB01E687392AD0C9F3B26C7F960957015E8F640281EB187C58D09B6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032054Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:56.382{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=126D09CB45F2A8ACBF246A861F7136B4,SHA256=D2079F7C048F5F1BD108CE2E97FE1139ADC1544D43EBE225622A8F2E75FBC4EA,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045515Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:56.528{82A15F94-353A-6112-B500-00000000E501}14804460C:\Windows\system32\conhost.exe{82A15F94-5830-6112-0308-00000000E501}5444C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045514Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:56.526{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045513Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:56.526{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045512Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:56.526{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045511Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:56.526{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045510Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:56.525{82A15F94-3491-6112-0500-00000000E501}420532C:\Windows\system32\csrss.exe{82A15F94-5830-6112-0308-00000000E501}5444C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045509Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:56.525{82A15F94-353A-6112-B100-00000000E501}38084328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82A15F94-5830-6112-0308-00000000E501}5444C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045508Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:56.524{82A15F94-5830-6112-0308-00000000E501}5444C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82A15F94-3491-6112-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045507Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:56.261{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=011240D04A49A6A7093539519FDF2535,SHA256=34AE46F65828733110D9FBCC4533B11C9EB6C07E114BB93BFC750AEDB114612A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045506Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:56.261{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5189497DC2AE22D48C7D9741BBDF277B,SHA256=12621CED297D00CC51F1091A26B94CF5DFC35D5D972E2C0F4402EDAA15199A13,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045505Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:56.061{82A15F94-582F-6112-0208-00000000E501}54483476C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045535Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.975{82A15F94-353A-6112-B500-00000000E501}14804460C:\Windows\system32\conhost.exe{82A15F94-5831-6112-0508-00000000E501}6784C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045534Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.975{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045533Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.975{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045532Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.975{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045531Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.975{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045530Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.975{82A15F94-3491-6112-0500-00000000E501}420532C:\Windows\system32\csrss.exe{82A15F94-5831-6112-0508-00000000E501}6784C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045529Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.975{82A15F94-353A-6112-B100-00000000E501}38084328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82A15F94-5831-6112-0508-00000000E501}6784C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045528Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.976{82A15F94-5831-6112-0508-00000000E501}6784C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82A15F94-3491-6112-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045527Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.807{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A0E3BAA63117CE87C02FDF4BAE09463,SHA256=609395FA7DEAF0961966643D51B804D15C13455676B85A0246CA9522DBEAFA64,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000032056Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:55.852{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51457-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000032055Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:57.397{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD7B5437C3B8FC1CC8170ADA5C7292F8,SHA256=34F4355CA71ADC556C2C7F2F04021BE9A8E3DC931D535DF4ADE7340ECDA91E60,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045526Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.528{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=011240D04A49A6A7093539519FDF2535,SHA256=34AE46F65828733110D9FBCC4533B11C9EB6C07E114BB93BFC750AEDB114612A,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045525Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.507{82A15F94-5831-6112-0408-00000000E501}40485460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045524Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.307{82A15F94-353A-6112-B500-00000000E501}14804460C:\Windows\system32\conhost.exe{82A15F94-5831-6112-0408-00000000E501}4048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045523Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.307{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045522Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.307{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045521Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.307{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045520Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.307{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045519Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.307{82A15F94-3491-6112-0500-00000000E501}4201700C:\Windows\system32\csrss.exe{82A15F94-5831-6112-0408-00000000E501}4048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045518Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.307{82A15F94-353A-6112-B100-00000000E501}38084328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82A15F94-5831-6112-0408-00000000E501}4048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045517Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:57.308{82A15F94-5831-6112-0408-00000000E501}4048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82A15F94-3491-6112-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045546Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:58.828{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A249D77E7FA2CBA32FDC98018520BF5,SHA256=BDA467FFE947AE296426667C131FC930EB27805FF01DF2751FFD9B7E85BF6DF2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032057Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:58.413{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01093EC3CCF7D13E67767BC527D8F884,SHA256=4BBCE12ECB0B32B3F6EC135E98BB2FEE735F06376D462C9610A2A422B1FA261F,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045545Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:58.626{82A15F94-5832-6112-0608-00000000E501}1020520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045544Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:58.475{82A15F94-353A-6112-B500-00000000E501}14804460C:\Windows\system32\conhost.exe{82A15F94-5832-6112-0608-00000000E501}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045543Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:58.475{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045542Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:58.475{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045541Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:58.475{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045540Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:58.475{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045539Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:58.475{82A15F94-3491-6112-0500-00000000E501}420532C:\Windows\system32\csrss.exe{82A15F94-5832-6112-0608-00000000E501}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045538Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:58.475{82A15F94-353A-6112-B100-00000000E501}38084328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82A15F94-5832-6112-0608-00000000E501}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045537Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:58.476{82A15F94-5832-6112-0608-00000000E501}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{82A15F94-3491-6112-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000045536Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:58.128{82A15F94-5831-6112-0508-00000000E501}67843984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000045556Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:59.874{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C2F852124AB79CB185B2A5F6B1983C2,SHA256=2D7C11E1369B2CC9C5DAA93B6DF4FB6AAC1BAD6ADBB8698F317D2457A454435D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032058Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:42:59.429{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=870BB233A98D46C254E1FB6F573E42C0,SHA256=2E541F161BB644B1E00B1675DF5A91317B235B04CA857EC42AC1407592444AD4,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045555Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:59.091{82A15F94-353A-6112-B500-00000000E501}14804460C:\Windows\system32\conhost.exe{82A15F94-5833-6112-0708-00000000E501}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045554Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:59.091{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045553Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:59.091{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045552Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:59.091{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045551Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:59.091{82A15F94-3493-6112-0C00-00000000E501}8403248C:\Windows\system32\svchost.exe{82A15F94-34A4-6112-2D00-00000000E501}2920C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045550Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:59.091{82A15F94-3491-6112-0500-00000000E501}420532C:\Windows\system32\csrss.exe{82A15F94-5833-6112-0708-00000000E501}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000045549Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:59.091{82A15F94-353A-6112-B100-00000000E501}38084328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82A15F94-5833-6112-0708-00000000E501}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000045548Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:59.093{82A15F94-5833-6112-0708-00000000E501}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82A15F94-3491-6112-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{82A15F94-353A-6112-B100-00000000E501}3808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045547Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:59.006{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D54216F179AB5C0AD2EE0D98CA25C316,SHA256=C0294D347AE26803774A13C0C6AD88156ED7718352275B33BAB3E183958E1CA0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045558Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:00.905{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F6A14281F7074F499BFA866FB9563BDF,SHA256=A610D4EDF47075BC7E8A70BD2929158746CE94124B7C7C6AD04B2492A8C01204,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032059Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:00.444{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F89B15FEDC27F9D760CA20D0A825695,SHA256=248B59E9053E736FF79CEDA439B5048FA8E6C1F95F0A6EFFBE99F704EE2109E5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045557Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:00.124{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=842DCFC95BB40E926F2249C3C6ED1FDD,SHA256=533DAEB2F1F7FE94C0218CE5E6C6A49B1754A7E8988D5C8494D1E11652391A3E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045560Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:01.923{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FEB708915D24D046B49FC0FE21A43B0,SHA256=616DA764CC317A2B19AD983B42C5CF127665AE6A810621A968880B4B6D637857,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032060Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:01.460{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7476019102BCC706C97590599ACEFB22,SHA256=7EBB20C6083D499A42E28EF9A6ED9EF5EAF7A41975E221960CE59D1D4C0BFB9A,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045559Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:42:59.541{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64300-false10.0.1.12-8000-
23542300x800000000000000045562Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:02.941{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E990781C7D179BA35777337C9A9D953A,SHA256=224600BD53C7C270D1B3498FF4CF743B75314B76A1A0C7E7DA6C0C8F646A950A,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000032062Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:00.852{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51458-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000032061Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:02.475{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D513AA2F217BC64976DA1D9DFD3D6DD1,SHA256=DE4D61D11620FCAAAAFA868FBFAF1F0DD0BE9CF95392ED28BE0556ABDDB1B6F3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045561Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:02.042{82A15F94-3493-6112-1100-00000000E501}412NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=EAC6EE9770F74DB8C358686FE91FDA5E,SHA256=8D8356FF686AA5A2B62C0FB839C3AB9CB158B7AC536660EFF9C6083B2E743A61,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045563Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:03.956{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5263218C099DB4C818387753F075D1F8,SHA256=C2EAEF762B0EFEBC6B842056BFD6AFE53C04FBCCA75A01408711DA0F308709B5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032064Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:03.757{82855F7C-36F1-6112-9800-00000000E601}3912NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=2ADC5C3504B3C61C2CF52343BC9CBCEA,SHA256=DCE76430D502254FA177C54C66CE91E13AF1880F391810050FAE02682F8CC6CD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032063Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:03.491{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AB8792B41D968EE27206AFF3DB99261,SHA256=5A5441BAA07DFA9DF1C25314EBE5D23C39F9CDBF2DC8366E2E528914B7BC5603,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032065Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:04.554{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EEB854D2D3F0FE882A0CB1A4944567F6,SHA256=7FB7293B7A7BF4C1DE2ACF2253B5BB820C338D0D7BF5A49DFAEBF857BA241478,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045595Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.919{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-372A-6112-7A01-00000000E501}5788C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045594Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.919{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-372A-6112-7A01-00000000E501}5788C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045593Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.919{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-372A-6112-7A01-00000000E501}5788C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045592Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.919{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-372A-6112-7A01-00000000E501}5788C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045591Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.919{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-372A-6112-7A01-00000000E501}5788C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045590Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.919{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-372A-6112-7A01-00000000E501}5788C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045589Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.919{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-372A-6112-7A01-00000000E501}5788C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045588Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.919{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-372A-6112-7A01-00000000E501}5788C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045587Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.919{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-3729-6112-7901-00000000E501}5628C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045586Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.919{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-3729-6112-7901-00000000E501}5628C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045585Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.919{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-3729-6112-7901-00000000E501}5628C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045584Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.919{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-3729-6112-7901-00000000E501}5628C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045583Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-3729-6112-7901-00000000E501}5628C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045582Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-3729-6112-7901-00000000E501}5628C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045581Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-3729-6112-7901-00000000E501}5628C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045580Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-3729-6112-7901-00000000E501}5628C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045579Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-371C-6112-5301-00000000E501}760C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045578Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-371C-6112-5301-00000000E501}760C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045577Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-371C-6112-5301-00000000E501}760C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045576Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-371C-6112-5301-00000000E501}760C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045575Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-371C-6112-5301-00000000E501}760C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045574Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-371C-6112-5301-00000000E501}760C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045573Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-371C-6112-5301-00000000E501}760C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045572Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-371C-6112-5301-00000000E501}760C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045571Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-371C-6112-5301-00000000E501}760C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045570Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-371C-6112-5301-00000000E501}760C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045569Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-371C-6112-5301-00000000E501}760C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045568Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-371C-6112-5301-00000000E501}760C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045567Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-371C-6112-5301-00000000E501}760C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045566Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.918{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-371C-6112-5301-00000000E501}760C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045565Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.917{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-371C-6112-5301-00000000E501}760C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000045564Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:04.917{82A15F94-3493-6112-0D00-00000000E501}900920C:\Windows\system32\svchost.exe{82A15F94-371C-6112-5301-00000000E501}760C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
354300x800000000000000032067Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:03.524{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51459-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
23542300x800000000000000032066Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:05.632{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FE01D3BD9FDAB659DD5E3B9ADF0C911,SHA256=B7731DF3AC5E08E20902C6933CA3A7533253F148F54C8C28A99D6E8C3FB8A6CF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045596Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:05.339{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EC0B34A7BAC7791D64DF385449A3629,SHA256=381A64163EF6C6688D59AC0EE74F6A0D826DDC696F4A8B3031729D5405DC9D97,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032068Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:06.663{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86CB0557DA6E5696546C88C260A299A9,SHA256=498C62EE40501C26635CCBD74F1E4BC019A59F8BB52277739FA6283B182542BF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045597Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:06.353{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=700BD8B2776113A2AEFDA664E937EBB6,SHA256=F2B38FCE5B911EB849BCD1D8A764558C9B01689FBD8393FAA4D24C1EDB8FACB1,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000032070Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:05.899{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51460-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000032069Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:07.725{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18B89570E97829F7B70FDA533EEF0E68,SHA256=4CCFA017D704204BC986E5BB92A3F694DC2788B3402B7B1D4E2FB4DFC7C52BD9,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045599Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:05.551{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64301-false10.0.1.12-8000-
23542300x800000000000000045598Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:07.368{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D69A07781C2A2DC183954207F817AD05,SHA256=8627ECF17F91A6A2E5821CCB056C1254ED60FCBF9962585531D6A14AD897A95C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045600Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:08.383{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C00A9BF1C80176DD874848943A965415,SHA256=3EC8A72EE0449C20CEA5E9A85748936CDDDF1E177CC2092F1545CA788FDC2E02,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032071Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:08.745{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C96F6C7F75AFFE16BD675424237D806D,SHA256=AEA5E3DE27F54B4CCECE08E4758EE62F475954B884C3975AAE5829191E731ADE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032072Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:09.745{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=910828B82E6005A34CC608D046864694,SHA256=7615ECD6445CCE2EDCD2B23716ABB2D7794DEB0C3B04E6FB49BB2C7B7C12D83C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045601Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:09.398{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=858BC4A620A48E72A8504BAC22DD1882,SHA256=ED2AFAFDFC7ECC3BC34A75682E28886824B7D6D6FF4FA9E3439CF36B18134107,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032073Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:10.776{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AAF77F429ECC36BE1461A18C3C0B717,SHA256=9FB293FF6CD4807E313CCEE899EB44BCC996842EDD74ED40216D3E563F723275,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045602Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:10.416{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C2B21B9F643B1C3B5F100C4F90F8951,SHA256=433DA6CD5724D2353DDC44626C9A11EACB2555E4CAADE236C833F0DDFF6BDEB7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032074Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:11.807{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=67F2AE916BF492505F2DD9DA17463678,SHA256=E23C4FC9CFC3FBD74AA5639A85EA8A67319D4766777FC7CB522764EB9F34BCCB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045603Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:11.465{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F13498B4489C625B9D5041B515FD2B61,SHA256=B99D63B88CD446E2D43E1A1EFDA3B34E19F066DC0DEDF83F627A8B6CA5585321,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032075Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:12.870{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B674726A94EBB425FF4EC906DF905455,SHA256=346B50C0EB23CBDFCB038C6B433095A5165CCACE23F51098AFF096B65C8CD22A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045604Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:12.480{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EABB4E340B04428DA6CE3F3D8CD5BCA,SHA256=50260B51320660C9F3F5F4ECD91F5C33914AEDE993C7BEDA50AD3823FAD58A94,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032089Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:13.886{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6DD51617753DB0A3DEC0659437F09E6,SHA256=91116B12B1D5BC02C6F2D162EF2F4017D10A4042E4FB3ABBEACB730707A2E918,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045605Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:13.495{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A593CAD282D9E98B9FFA2364FF06CE0E,SHA256=0D27A84C56DF9EE0E278223309437CDD192F1D83C605660B51147606A9380AB4,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000032088Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:13.667{82855F7C-36F1-6112-9C00-00000000E601}40083632C:\Windows\system32\conhost.exe{82855F7C-5841-6112-7906-00000000E601}2452C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032087Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:13.667{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032086Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:13.667{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032085Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:13.667{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032084Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:13.667{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032083Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:13.667{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032082Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:13.667{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032081Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:13.667{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032080Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:13.667{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032079Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:13.667{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032078Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:13.667{82855F7C-3680-6112-0500-00000000E601}396984C:\Windows\system32\csrss.exe{82855F7C-5841-6112-7906-00000000E601}2452C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000032077Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:13.667{82855F7C-36F1-6112-9800-00000000E601}39123768C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82855F7C-5841-6112-7906-00000000E601}2452C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000032076Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:13.668{82855F7C-5841-6112-7906-00000000E601}2452C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82855F7C-3680-6112-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000032108Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.948{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55D995E31CD03F02359026270B1B57B9,SHA256=7FA325B53EA4524C9B89D952E078C7D073D2D85C018350A3FFF135756AE3633B,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045607Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:11.584{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64302-false10.0.1.12-8000-
23542300x800000000000000045606Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:14.513{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E545C2820B4B05C5A6B273BBB3C75D10,SHA256=55F29FD98E6944E3CE5CDED3DEE54C45A31708DAE1CBC3874BB5E53218B8E997,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032107Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.761{82855F7C-3681-6112-1200-00000000E601}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=A2A937088EC9AA8CA8E259F10DB801DA,SHA256=BF88F28739B16B488819F647FFC8181FE10853723DE690C85FD2E4F87A140113,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032106Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.698{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A289FFA848B1B836BE977EFA8B90444E,SHA256=05B2A12CE6D726EFF1DD51DBEBFA6A572BB503EF3156ADF21E0F45BB06BEDE86,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032105Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.698{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4BEDCCB4735649F9583DBBC8002985DC,SHA256=65E78B8839B23D140CEC74818739049C827B643EAE1AC1BF60DAB7B7A5AD2AC9,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000032104Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.479{82855F7C-5842-6112-7A06-00000000E601}40122636C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032103Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.339{82855F7C-36F1-6112-9C00-00000000E601}40083632C:\Windows\system32\conhost.exe{82855F7C-5842-6112-7A06-00000000E601}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032102Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.339{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032101Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.339{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032100Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.339{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032099Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.339{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032098Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.339{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032097Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.339{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032096Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.339{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032095Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.339{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032094Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.339{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032093Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.339{82855F7C-3680-6112-0500-00000000E601}396984C:\Windows\system32\csrss.exe{82855F7C-5842-6112-7A06-00000000E601}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000032092Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.339{82855F7C-36F1-6112-9800-00000000E601}39123768C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82855F7C-5842-6112-7A06-00000000E601}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000032091Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:14.339{82855F7C-5842-6112-7A06-00000000E601}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82855F7C-3680-6112-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000032090Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:11.887{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51461-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000032123Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:15.964{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57FFC179AF2680D257ED7B2CEEA8A56B,SHA256=D0D4F93056335470AAA9F630BD65DABBD48E135040E0482B24602740BA6545E6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032122Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:15.964{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCE161F031B257353DC8204F60AF3BC0,SHA256=100DDD793204B4AC4FD03DFEAE60651100C13D61F7A60982DC26EE1B1F1C954F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045608Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:15.531{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1BB989B730455DED047A8984D7C009B,SHA256=B15BE3B93E33F08EA0214E24E182CCCB8649B72BB1B290E1BB19A98837F2B65B,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000032121Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:15.011{82855F7C-36F1-6112-9C00-00000000E601}40083632C:\Windows\system32\conhost.exe{82855F7C-5843-6112-7B06-00000000E601}3248C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032120Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:15.011{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032119Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:15.011{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032118Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:15.011{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032117Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:15.011{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032116Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:15.011{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032115Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:15.011{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032114Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:15.011{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032113Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:15.011{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032112Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:15.011{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032111Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:15.011{82855F7C-3680-6112-0500-00000000E601}396512C:\Windows\system32\csrss.exe{82855F7C-5843-6112-7B06-00000000E601}3248C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000032110Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:15.011{82855F7C-36F1-6112-9800-00000000E601}39123768C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82855F7C-5843-6112-7B06-00000000E601}3248C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000032109Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:15.011{82855F7C-5843-6112-7B06-00000000E601}3248C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82855F7C-3680-6112-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045609Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:16.546{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D33949E6E7D65A9212841EB551813C8,SHA256=548CA2C60755F17EBD32D531CF466DDFAA25381190AB5D92784E781FF8CEE974,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000032152Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.839{82855F7C-5844-6112-7D06-00000000E601}30763584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032151Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.698{82855F7C-36F1-6112-9C00-00000000E601}40083632C:\Windows\system32\conhost.exe{82855F7C-5844-6112-7D06-00000000E601}3076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032150Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.698{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032149Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.698{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032148Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.698{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032147Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.698{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032146Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.698{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032145Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.698{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032144Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.698{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032143Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.698{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032142Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.698{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032141Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.698{82855F7C-3680-6112-0500-00000000E601}396412C:\Windows\system32\csrss.exe{82855F7C-5844-6112-7D06-00000000E601}3076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000032140Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.698{82855F7C-36F1-6112-9800-00000000E601}39123768C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82855F7C-5844-6112-7D06-00000000E601}3076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000032139Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.699{82855F7C-5844-6112-7D06-00000000E601}3076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{82855F7C-3680-6112-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000032138Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.182{82855F7C-5844-6112-7C06-00000000E601}38123636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000032137Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.042{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A289FFA848B1B836BE977EFA8B90444E,SHA256=05B2A12CE6D726EFF1DD51DBEBFA6A572BB503EF3156ADF21E0F45BB06BEDE86,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000032136Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.026{82855F7C-36F1-6112-9C00-00000000E601}40083632C:\Windows\system32\conhost.exe{82855F7C-5844-6112-7C06-00000000E601}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032135Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.026{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032134Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.026{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032133Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.026{82855F7C-3680-6112-0500-00000000E601}396984C:\Windows\system32\csrss.exe{82855F7C-5844-6112-7C06-00000000E601}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000032132Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.026{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032131Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.026{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032130Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.026{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032129Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.026{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032128Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.026{82855F7C-36F1-6112-9800-00000000E601}39123768C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82855F7C-5844-6112-7C06-00000000E601}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032127Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.026{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032126Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.026{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032125Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.026{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000032124Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:16.027{82855F7C-5844-6112-7C06-00000000E601}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82855F7C-3680-6112-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045610Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:17.577{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96CF8B1DF4E196A59B1254C9C74C847D,SHA256=6A3A39C5532F14B01C6D7D48784D7F14BB502C8C5AA6D19A0680BE5E1D88319A,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000032180Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.870{82855F7C-36F1-6112-9C00-00000000E601}40083632C:\Windows\system32\conhost.exe{82855F7C-5845-6112-7F06-00000000E601}2240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032179Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.870{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032178Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.870{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032177Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.870{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032176Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.870{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032175Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.870{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032174Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.870{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032173Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.870{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032172Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.870{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032171Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.870{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032170Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.870{82855F7C-3680-6112-0500-00000000E601}396984C:\Windows\system32\csrss.exe{82855F7C-5845-6112-7F06-00000000E601}2240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000032169Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.870{82855F7C-36F1-6112-9800-00000000E601}39123768C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82855F7C-5845-6112-7F06-00000000E601}2240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000032168Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.871{82855F7C-5845-6112-7F06-00000000E601}2240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82855F7C-3680-6112-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000032167Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.761{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=77563301710B866CEFD88075D58E6405,SHA256=E90058AF158778A755FB7B9BB94E032D99A5920648D7184EB128AEA336048882,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032166Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.464{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A370A476DC133E8E264EB85955E23881,SHA256=3E8165E65593CCA5D04FD217294997B3B582BBF851C1F749696E22EBB40BB72A,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000032165Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.370{82855F7C-36F1-6112-9C00-00000000E601}40083632C:\Windows\system32\conhost.exe{82855F7C-5845-6112-7E06-00000000E601}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032164Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.370{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032163Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.370{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032162Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.370{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032161Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.370{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032160Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.370{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032159Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.370{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032158Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.370{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032157Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.370{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032156Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.370{82855F7C-3681-6112-0C00-00000000E601}7124028C:\Windows\system32\svchost.exe{82855F7C-3681-6112-1F00-00000000E601}2044C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000032155Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.370{82855F7C-3680-6112-0500-00000000E601}396412C:\Windows\system32\csrss.exe{82855F7C-5845-6112-7E06-00000000E601}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000032154Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.370{82855F7C-36F1-6112-9800-00000000E601}39123768C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{82855F7C-5845-6112-7E06-00000000E601}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000032153Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.371{82855F7C-5845-6112-7E06-00000000E601}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{82855F7C-3680-6112-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000045616Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:18.592{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22B7C9CFCE31767B9F15FC55502FAFCD,SHA256=31FA1EA88CD4ABF08B93D72164218733673B465816A80F3047C715EC8F68C58C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032183Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:18.901{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=01391997AC92F30C896C1B3EC5B79C31,SHA256=3AE8EA0DBC646A7F2CE3C4F957638CEB280CD99C74F50D02D6C5D7DE650C5E9D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032182Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:18.464{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C06ED85351CEA34430EAB2DFBEBFC137,SHA256=8DEA7E9FB5240BE28F4A8CC156407167E0629A649A48AD4E629D0ADEEB32308F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045615Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:18.529{82A15F94-3D89-6112-C804-00000000E501}6460ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vqb9vyz9.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000045614Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:18.476{82A15F94-3D89-6112-C804-00000000E501}64606380C:\Program Files\Mozilla Firefox\firefox.exe{82A15F94-3D8C-6112-CD04-00000000E501}6248C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1befe1|C:\Program Files\Mozilla Firefox\xul.dll+a1c74f|C:\Program Files\Mozilla Firefox\xul.dll+240e608|C:\Program Files\Mozilla Firefox\xul.dll+22cf131|C:\Program Files\Mozilla Firefox\xul.dll+22cb14a|C:\Program Files\Mozilla Firefox\xul.dll+2efb550|C:\Program Files\Mozilla Firefox\xul.dll+2f150da|C:\Program Files\Mozilla Firefox\xul.dll+2ef4929|C:\Program Files\Mozilla Firefox\xul.dll+2ef4645|C:\Program Files\Mozilla Firefox\xul.dll+2ef81eb|C:\Program Files\Mozilla Firefox\xul.dll+2f102bd|C:\Program Files\Mozilla Firefox\xul.dll+2f1c528|C:\Program Files\Mozilla Firefox\xul.dll+2f1b924|C:\Program Files\Mozilla Firefox\xul.dll+2eff0f0|C:\Program Files\Mozilla Firefox\xul.dll+166a881|C:\Program Files\Mozilla Firefox\xul.dll+166937a|C:\Program Files\Mozilla Firefox\xul.dll+a1516f|C:\Program Files\Mozilla Firefox\xul.dll+26c7e|C:\Program Files\Mozilla Firefox\xul.dll+8dd9e7|C:\Program Files\Mozilla Firefox\nss3.dll+754ed|C:\Program Files\Mozilla Firefox\nss3.dll+8d281|C:\Windows\System32\ucrtbase.dll+1fb80
10341000x800000000000000045613Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:18.476{82A15F94-3D89-6112-C804-00000000E501}64606380C:\Program Files\Mozilla Firefox\firefox.exe{82A15F94-3D8C-6112-CD04-00000000E501}6248C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1befe1|C:\Program Files\Mozilla Firefox\xul.dll+a1c74f|C:\Program Files\Mozilla Firefox\xul.dll+240e608|C:\Program Files\Mozilla Firefox\xul.dll+22cf131|C:\Program Files\Mozilla Firefox\xul.dll+22cb14a|C:\Program Files\Mozilla Firefox\xul.dll+2efb550|C:\Program Files\Mozilla Firefox\xul.dll+2f150da|C:\Program Files\Mozilla Firefox\xul.dll+2ef4929|C:\Program Files\Mozilla Firefox\xul.dll+2ef4645|C:\Program Files\Mozilla Firefox\xul.dll+2ef81eb|C:\Program Files\Mozilla Firefox\xul.dll+2f102bd|C:\Program Files\Mozilla Firefox\xul.dll+2f1c528|C:\Program Files\Mozilla Firefox\xul.dll+2f1b924|C:\Program Files\Mozilla Firefox\xul.dll+2eff0f0|C:\Program Files\Mozilla Firefox\xul.dll+166a881|C:\Program Files\Mozilla Firefox\xul.dll+166937a|C:\Program Files\Mozilla Firefox\xul.dll+a1516f|C:\Program Files\Mozilla Firefox\xul.dll+26c7e|C:\Program Files\Mozilla Firefox\xul.dll+8dd9e7|C:\Program Files\Mozilla Firefox\nss3.dll+754ed|C:\Program Files\Mozilla Firefox\nss3.dll+8d281|C:\Windows\System32\ucrtbase.dll+1fb80
18141800x800000000000000045612Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-ConnectPipe2021-08-10 10:43:18.476{82A15F94-3D89-6112-C804-00000000E501}6460\chrome.6248.56.102192821C:\Program Files\Mozilla Firefox\firefox.exe
17141700x800000000000000045611Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-CreatePipe2021-08-10 10:43:18.476{82A15F94-3D8C-6112-CD04-00000000E501}6248\chrome.6248.56.102192821C:\Program Files\Mozilla Firefox\firefox.exe
10341000x800000000000000032181Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:18.073{82855F7C-5845-6112-7F06-00000000E601}22402928C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{82855F7C-36F1-6112-9800-00000000E601}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000032185Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:19.511{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1282B689899E2E2EA2AEF7F131821AD,SHA256=FE919EA7E464516D5C3A62955A360E36F1C594CE440612EAC3493F2D6AA848B0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045617Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:19.609{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9C7D5B3EA3370631B1EE4EF1E85BF0B,SHA256=6966FE48FBA8176EDE7B2D2C6FD667EB9116F3739EABDFB1B465B345C8B9E738,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000032184Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:17.902{82855F7C-36F9-6112-C600-00000000E601}3984C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-456.attackrange.local51462-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000032186Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:20.511{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8236339BFF08E5B2097F4CC644C17EEE,SHA256=95C477E3D2E99BA3E6741897C2FAB3CA7DFB9F9D490E63F6CBA6FEC8E6A2678A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045619Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:20.675{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B47E75ED5C8BB40A9ECA0661BD15FDB,SHA256=C88797BFBE3EA5AB1786171BBC07DF4F7E3C5A1B663E96B3861722AF04716512,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000045618Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:16.597{82A15F94-3542-6112-DF00-00000000E501}4076C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-15.attackrange.local64303-false10.0.1.12-8000-
23542300x800000000000000045620Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:21.708{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8F7B6603684A7C0056B0BE3870D4077,SHA256=ABF65CC00AFE23D0711DE6B45073ADE733B3A2F16FEEE47C87DC8B569B62CCE0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000032187Microsoft-Windows-Sysmon/Operationalwin-host-456.attackrange.local-2021-08-10 10:43:21.526{82855F7C-36FE-6112-D600-00000000E601}640NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6C3DB782B126A1B4A090C1541218DCF,SHA256=B962D38A1B3328C0301BA974CCE68029DA3AB36916FC27D203DE648C285F128A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000045621Microsoft-Windows-Sysmon/Operationalwin-dc-15.attackrange.local-2021-08-10 10:43:22.712{82A15F94-3547-6112-E800-00000000E501}296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-w