11241100x800000000000000077656Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:22.719{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077655Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:22.719{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2C70AAB9D6BFBCEC8527E1D9C7E287D,SHA256=9479E86BBA056B5926941AB73F475C53A30764795138D1F2CDA0EB7D73FC9313,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075489Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:23.708{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3B230C68334E5C53B54BDE61A08CEC42,SHA256=D396E3D36CBFF308C538DE85F44594E86F997417B4520C29B7AEC64357CD9F3F,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077658Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:23.735{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077657Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:23.735{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80D8AAC842BC5417F7E9FE565A3CD991,SHA256=9F0103DC6ED9CBADD8E2C811123DD9676E8A07F60833F1FE1A8587E6E3D62AEA,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075504Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:22.309{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50618-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000075503Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:24.723{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=356F2DDF2A2041D10510085E7343B3EE,SHA256=F43D393C9B102D43F6FC744743BDF933ACD42058566120077E8773F5CED26196,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077660Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:24.750{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077659Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:24.750{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48E58AA6E1DB382BBD82B75F699526DD,SHA256=954E269390A18C1FCE094BF06253D8A5006EC033159FC4799466A2677A6D4616,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000075502Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:24.661{89999F75-EEE1-60B9-3700-00000000C401}34083428C:\Windows\system32\conhost.exe{89999F75-375C-60BA-D30D-00000000C401}2548C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075501Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075500Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075499Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075498Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075497Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075496Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075495Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075494Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075493Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075492Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:24.661{89999F75-EECD-60B9-0500-00000000C401}408412C:\Windows\system32\csrss.exe{89999F75-375C-60BA-D30D-00000000C401}2548C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000075491Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:24.661{89999F75-EEE0-60B9-2D00-00000000C401}29803556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{89999F75-375C-60BA-D30D-00000000C401}2548C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000075490Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:24.662{89999F75-375C-60BA-D30D-00000000C401}2548C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{89999F75-EECE-60B9-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{89999F75-EEE0-60B9-2D00-00000000C401}2980C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
11241100x800000000000000077662Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:25.766{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077661Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:25.766{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E612B4F70189A4C6EC47DF1FD86CAF41,SHA256=5A9AB985DC2A014FDCF514D8086FB2D95FF3B3DBD40108005D19A5B9A37D2E71,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075520Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:25.723{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=169C2C3E4A7B160D397B4ED3EE8E725C,SHA256=632D1AAA2F7C039A830853643612106DC46674B9DC2A99B529FE3587A1290EB8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075519Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:25.661{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A0E6573F9A7CA60184AE2C44BB761C45,SHA256=727ECB1409012CAA90423F8A69669A99C97BDA875150696F92165FF1927A8CDB,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000075518Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:25.458{89999F75-375D-60BA-D40D-00000000C401}4532716C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{89999F75-EEE0-60B9-2D00-00000000C401}2980C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075517Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:25.161{89999F75-EEE1-60B9-3700-00000000C401}34083428C:\Windows\system32\conhost.exe{89999F75-375D-60BA-D40D-00000000C401}4532C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075516Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:25.161{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075515Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:25.161{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075514Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:25.161{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075513Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:25.161{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075512Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:25.161{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075511Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:25.161{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075510Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:25.161{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075509Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:25.161{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075508Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:25.161{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075507Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:25.161{89999F75-EECD-60B9-0500-00000000C401}408424C:\Windows\system32\csrss.exe{89999F75-375D-60BA-D40D-00000000C401}4532C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000075506Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:25.161{89999F75-EEE0-60B9-2D00-00000000C401}29803556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{89999F75-375D-60BA-D40D-00000000C401}4532C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000075505Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:25.162{89999F75-375D-60BA-D40D-00000000C401}4532C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{89999F75-EECE-60B9-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{89999F75-EEE0-60B9-2D00-00000000C401}2980C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
11241100x800000000000000077665Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:26.782{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077664Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:26.782{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79D9FF1BD66E4FA1F806AF413E7670C5,SHA256=408141A66E13C29E69FB63BF39E406E390B3B1E6CA3B6DDB32325BEF3143F215,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075521Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:26.739{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D5A7770227E6E1F3BD2B51472786A0D,SHA256=A87E9A5F744E596F93AD27198CB7D7B464E5B91EE42762195260488327078AC8,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000077663Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:22.807{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53541-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000075524Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:27.755{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A19AFF576F42587F36430B5780524C8B,SHA256=E6677D242EBEABAFA99EAE5F93836B30D52C918F330E497F7DA0C957295E9FE2,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077667Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:27.797{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077666Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:27.797{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38F9941DC84DF077C58A55C84F7AE0CE,SHA256=5866DE3DDFE610CDFBAFA0CBF23DD08214B93BE09E0F198B7914B35F3FF285DE,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075523Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:24.419{89999F75-EECE-60B9-0B00-00000000C401}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-392.attackrange.local50619-true0:0:0:0:0:0:0:1win-dc-392.attackrange.local389ldap
354300x800000000000000075522Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:24.419{89999F75-EEE0-60B9-2800-00000000C401}2932C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-392.attackrange.local50619-true0:0:0:0:0:0:0:1win-dc-392.attackrange.local389ldap
23542300x800000000000000075525Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:28.770{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=524CD08C4331C2B14C5B03873832CD92,SHA256=CA3F268C0CB405522F4931A643ED3F72273A6ECA0A901F82AB25F4A2299CEC58,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077671Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:28.798{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077670Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:28.798{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE9F1BA443E6B03250E263C98D58D593,SHA256=B4D228633988AB5B9F9373821528CC3E2881E5D13CD5AE5904E6C3D125D77C58,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077669Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:28.375{3F3E08E7-F094-60B9-1100-00000000C501}968C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat2021-06-04 09:21:24.810
23542300x800000000000000077668Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:28.375{3F3E08E7-F094-60B9-1100-00000000C501}968NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=1E6A286C18D240AAB6B438855ECE4FD1,SHA256=4EC32DD7E04AB81DD75168A01358AD990D8211E1FF1947DD6385EF2798845E9A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075526Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:29.833{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=285A913BF8FCF8F43C51D8A47AA44ACA,SHA256=3DB0BC3F8C8481BD042D504EE188A1D11BC913F6BC7908677ED9867E4671E320,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077676Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:29.811{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077675Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:29.811{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A252EFF848CD8577F47F98A729E976DF,SHA256=9F0FC446D6DF73908AF419A02E6EAFFA45961530A91BEB8467470A3E92EA4711,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077674Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:29.220{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-F094-60B9-1300-00000000C501}744C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077673Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:29.220{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-F094-60B9-1300-00000000C501}744C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077672Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:29.220{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-F094-60B9-1300-00000000C501}744C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
11241100x800000000000000077678Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:30.814{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077677Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:30.814{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B67D1903D8423EDED62119FACACE0FB2,SHA256=2BD2C5CAB9B6631F49E341CF0A130DE96156BF8AA80002143C883D18BBE500A0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075527Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:30.848{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=448B0E5E5705FAFCB56366B3E4D0FCA7,SHA256=BE6EE9551B37E04FF3520C63DFA6AF5537B25475DBB45592156AC88D7F8CD89F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075528Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:31.864{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02E9B7BE73587ACFED6809B295C6D868,SHA256=4B32718FD362E0735EE275F78F55568A43244741D89BB70578EE4E83C7753A91,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077681Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:31.830{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077680Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:31.830{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D61D21C7C0AB60670BC5E60A3604F3E8,SHA256=785C0ED348E3BC1EE62E7FD5BEF10253561646BE397C69E37B1E5CCFB98D648F,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000077679Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:28.824{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53542-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000075530Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:32.880{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E18B0C21B05AFA4393819574CD58A68D,SHA256=C89C0C87651535F2B8FCDE56F414DFB90710D2AE46F791587C228D34C349DD5A,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077686Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:32.845{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077685Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:32.845{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45B6F056543D3413EC26ABC9728BDC63,SHA256=89325F2E7FBB250796358F38951A0E9411CF43119A8B7B792FF2D0CE84C173EB,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075529Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:28.356{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50620-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
11241100x800000000000000077684Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:32.798{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat2021-06-04 08:43:19.954
23542300x800000000000000077683Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:32.798{3F3E08E7-FC3E-60B9-3405-00000000C501}952WIN-HOST-243\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.datMD5=58FDE1A71D2ADB272DABB3A92B406559,SHA256=555933C7D5D49EBF3648EE1EF420E0C71835139B8A8DEF8FBA64C9EBE48B0C32,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077682Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:32.798{3F3E08E7-064C-60BA-2907-00000000C501}5224C:\Windows\system32\mmc.exeC:\Users\Administrator\AppData\Roaming\Microsoft\MMC\services2021-06-04 14:23:32.798
23542300x800000000000000075531Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:33.942{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DD67BCBC85731E941AB4864BAE13190,SHA256=DD5DFAD78AE49EEF8463972E119901F4C7A98A540836D47548883299B7767C38,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077696Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:33.877{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077695Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:33.877{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48ADD0BE2FC296CCDF49C83C56210B5B,SHA256=3FA80386A2109E3BF642E1AC0DD825607BC1E50FC3EB2EA4E27F660B350F6CED,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077694Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:33.502{3F3E08E7-02DF-60BA-6706-00000000C501}16124500C:\Windows\system32\conhost.exe{3F3E08E7-3765-60BA-040D-00000000C501}5920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077693Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:33.502{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077692Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:33.502{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077691Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:33.502{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077690Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:33.502{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077689Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:33.502{3F3E08E7-F093-60B9-0500-00000000C501}416432C:\Windows\system32\csrss.exe{3F3E08E7-3765-60BA-040D-00000000C501}5920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000077688Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:33.502{3F3E08E7-02DF-60BA-6306-00000000C501}41444808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3F3E08E7-3765-60BA-040D-00000000C501}5920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000077687Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:33.502{3F3E08E7-3765-60BA-040D-00000000C501}5920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3F3E08E7-F094-60B9-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000075532Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:34.989{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA8CC0280AC965A067E840A61BBA4F39,SHA256=20D4A4BD2A23CBD51EEC8F86FD3C4923395D2C10CED4575421D926B30E6696C2,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077719Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.970{3F3E08E7-3766-60BA-060D-00000000C501}35563416C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
11241100x800000000000000077718Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.892{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077717Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.892{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7FEE552BBD7490A922FEEF00CC0C7381,SHA256=7EDF4F5EEBF0D0D190C4FE0641EA5936E24BCE283BB0E969043FFDDAD6341686,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077716Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.845{3F3E08E7-02DF-60BA-6706-00000000C501}16124500C:\Windows\system32\conhost.exe{3F3E08E7-3766-60BA-060D-00000000C501}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077715Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.845{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077714Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.845{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077713Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.845{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077712Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.845{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077711Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.845{3F3E08E7-F093-60B9-0500-00000000C501}416432C:\Windows\system32\csrss.exe{3F3E08E7-3766-60BA-060D-00000000C501}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000077710Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.845{3F3E08E7-02DF-60BA-6306-00000000C501}41444808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3F3E08E7-3766-60BA-060D-00000000C501}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000077709Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.846{3F3E08E7-3766-60BA-060D-00000000C501}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3F3E08E7-F094-60B9-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
11241100x800000000000000077708Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.564{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security2021-06-04 09:21:08.545
23542300x800000000000000077707Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.564{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8B0C4AFFE69CC580D9ADF9D2894E445F,SHA256=B74D1D5C53A59138D12BA500F025E6CAB4384DB1A29F4D681EDD0785F648E8D5,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077706Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.564{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security2021-06-04 09:21:08.545
23542300x800000000000000077705Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.564{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A25E2952D9973B9CB08FD315C34A8277,SHA256=5169CAE3319BE526D3E2BA7DF0F7B3FCE46CC6B1A0A8495714E65305248DADAC,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077704Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.174{3F3E08E7-02DF-60BA-6706-00000000C501}16124500C:\Windows\system32\conhost.exe{3F3E08E7-3766-60BA-050D-00000000C501}5776C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077703Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.174{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077702Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.174{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077701Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.174{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077700Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.174{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077699Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.174{3F3E08E7-F093-60B9-0500-00000000C501}416532C:\Windows\system32\csrss.exe{3F3E08E7-3766-60BA-050D-00000000C501}5776C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000077698Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.174{3F3E08E7-02DF-60BA-6306-00000000C501}41444808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3F3E08E7-3766-60BA-050D-00000000C501}5776C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000077697Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:34.174{3F3E08E7-3766-60BA-050D-00000000C501}5776C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3F3E08E7-F094-60B9-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
11241100x800000000000000077723Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:35.908{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077722Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:35.908{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C62B165E81A42FF4FDFA4DBEC216EBA,SHA256=6C6346AA29C886A25436229C1BDF6D71CCBFC950454348CDD947C1F99129AFB5,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077721Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:35.861{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security2021-06-04 09:21:08.545
23542300x800000000000000077720Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:35.861{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8B0C4AFFE69CC580D9ADF9D2894E445F,SHA256=B74D1D5C53A59138D12BA500F025E6CAB4384DB1A29F4D681EDD0785F648E8D5,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077733Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:36.470{3F3E08E7-3768-60BA-070D-00000000C501}61125544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077732Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:36.345{3F3E08E7-02DF-60BA-6706-00000000C501}16124500C:\Windows\system32\conhost.exe{3F3E08E7-3768-60BA-070D-00000000C501}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077731Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:36.345{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077730Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:36.345{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077729Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:36.345{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077728Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:36.345{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077727Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:36.345{3F3E08E7-F093-60B9-0500-00000000C501}416532C:\Windows\system32\csrss.exe{3F3E08E7-3768-60BA-070D-00000000C501}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000077726Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:36.345{3F3E08E7-02DF-60BA-6306-00000000C501}41444808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3F3E08E7-3768-60BA-070D-00000000C501}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000077725Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:36.346{3F3E08E7-3768-60BA-070D-00000000C501}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3F3E08E7-F094-60B9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000077724Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:33.840{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53543-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000075533Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:36.005{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60F5336FE85AE97BF1A19B39A142C2A7,SHA256=EE830BC89ED4AEC03EA366088058E67B8220A82A6269B94CC8EF82CCDE3C4251,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077754Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.689{3F3E08E7-02DF-60BA-6706-00000000C501}16124500C:\Windows\system32\conhost.exe{3F3E08E7-3769-60BA-090D-00000000C501}5000C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077753Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.689{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077752Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.689{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077751Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.689{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077750Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.689{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077749Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.689{3F3E08E7-F093-60B9-0500-00000000C501}416532C:\Windows\system32\csrss.exe{3F3E08E7-3769-60BA-090D-00000000C501}5000C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000077748Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.689{3F3E08E7-02DF-60BA-6306-00000000C501}41444808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3F3E08E7-3769-60BA-090D-00000000C501}5000C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000077747Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.690{3F3E08E7-3769-60BA-090D-00000000C501}5000C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3F3E08E7-F094-60B9-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
11241100x800000000000000077746Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.361{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security2021-06-04 09:21:08.545
23542300x800000000000000077745Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.361{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DFDE97A5951732C7B46BA0C1825E689E,SHA256=39485C39CEFB680E0C7B755FCFCB966435D506B1345A8F7921161DA2246E6B0A,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077744Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.142{3F3E08E7-3769-60BA-080D-00000000C501}43565876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
11241100x800000000000000077743Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.033{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077742Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.033{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52C648B36FE90ADBA79C9113681A270C,SHA256=90C69A0FFED527CC954AB90A201D1488FB8D5B0AC7E1F7576AFEE0F3000A88CF,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075535Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:34.387{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50621-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000075534Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:37.051{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52FA00A436A1452631C7F4866BE1F41B,SHA256=9D0FF7DF9DCB22007FE00EC3FD1DF0D09440B62BEB2498FBFDFC9BB5DD8EEF0F,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077741Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.017{3F3E08E7-02DF-60BA-6706-00000000C501}16124500C:\Windows\system32\conhost.exe{3F3E08E7-3769-60BA-080D-00000000C501}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077740Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.017{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077739Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.017{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077738Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.017{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077737Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.017{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077736Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.017{3F3E08E7-F093-60B9-0500-00000000C501}416432C:\Windows\system32\csrss.exe{3F3E08E7-3769-60BA-080D-00000000C501}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000077735Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.017{3F3E08E7-02DF-60BA-6306-00000000C501}41444808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3F3E08E7-3769-60BA-080D-00000000C501}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000077734Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:37.018{3F3E08E7-3769-60BA-080D-00000000C501}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{3F3E08E7-F094-60B9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000075536Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:38.114{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FFA5981817B12FEF05FC87D3387B71B5,SHA256=12B4F311A40148F6B930E1976B7601CE0670F421DE79EC1BC166AC6E6F98472E,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077767Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:38.689{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security2021-06-04 09:21:08.545
23542300x800000000000000077766Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:38.689{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7DABA761A0ECBD0BABD98D51C927C62D,SHA256=5B4CF5183CE0D6761F97AE1D4BCBD3DC70DA551BD1C7570E00008CD994A349B3,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077765Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:38.486{3F3E08E7-376A-60BA-0A0D-00000000C501}3588156C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077764Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:38.361{3F3E08E7-02DF-60BA-6706-00000000C501}16124500C:\Windows\system32\conhost.exe{3F3E08E7-376A-60BA-0A0D-00000000C501}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077763Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:38.361{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077762Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:38.361{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077761Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:38.361{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077760Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:38.361{3F3E08E7-F094-60B9-0C00-00000000C501}7284460C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077759Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:38.361{3F3E08E7-F093-60B9-0500-00000000C501}416532C:\Windows\system32\csrss.exe{3F3E08E7-376A-60BA-0A0D-00000000C501}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000077758Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:38.361{3F3E08E7-02DF-60BA-6306-00000000C501}41444808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3F3E08E7-376A-60BA-0A0D-00000000C501}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000077757Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:38.362{3F3E08E7-376A-60BA-0A0D-00000000C501}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3F3E08E7-F094-60B9-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
11241100x800000000000000077756Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:38.033{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077755Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:38.033{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4ECE6A78D791FD02A24B7AF5396AF23,SHA256=A345EEA58D8EF350C888F0FD5C17DD9204529EE46DD8010C347405C2264CE84D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075537Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:39.145{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60002A2C870AA47DF6261139236CD21F,SHA256=C1809A459DCECADCBCC5F184C8BDA6F958EDB161C46F7A3DF62B3B9BB49DDE9F,IMPHASH=00000000000000000000000000000000falsetrue
13241300x800000000000000077779Microsoft-Windows-Sysmon/Operationalwin-host-243-SetValue2021-06-04 14:23:39.614{3F3E08E7-F094-60B9-0B00-00000000C501}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006)
13241300x800000000000000077778Microsoft-Windows-Sysmon/Operationalwin-host-243-SetValue2021-06-04 14:23:39.614{3F3E08E7-F094-60B9-0B00-00000000C501}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0114c044)
13241300x800000000000000077777Microsoft-Windows-Sysmon/Operationalwin-host-243-SetValue2021-06-04 14:23:39.614{3F3E08E7-F094-60B9-0B00-00000000C501}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d75944-0xd4706b6e)
13241300x800000000000000077776Microsoft-Windows-Sysmon/Operationalwin-host-243-SetValue2021-06-04 14:23:39.614{3F3E08E7-F094-60B9-0B00-00000000C501}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7594d-0x3634d36e)
13241300x800000000000000077775Microsoft-Windows-Sysmon/Operationalwin-host-243-SetValue2021-06-04 14:23:39.614{3F3E08E7-F094-60B9-0B00-00000000C501}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d75955-0x97f93b6e)
13241300x800000000000000077774Microsoft-Windows-Sysmon/Operationalwin-host-243-SetValue2021-06-04 14:23:39.614{3F3E08E7-F094-60B9-0B00-00000000C501}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006)
13241300x800000000000000077773Microsoft-Windows-Sysmon/Operationalwin-host-243-SetValue2021-06-04 14:23:39.614{3F3E08E7-F094-60B9-0B00-00000000C501}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0114c044)
13241300x800000000000000077772Microsoft-Windows-Sysmon/Operationalwin-host-243-SetValue2021-06-04 14:23:39.614{3F3E08E7-F094-60B9-0B00-00000000C501}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d75944-0xd4706b6e)
13241300x800000000000000077771Microsoft-Windows-Sysmon/Operationalwin-host-243-SetValue2021-06-04 14:23:39.614{3F3E08E7-F094-60B9-0B00-00000000C501}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7594d-0x3634d36e)
13241300x800000000000000077770Microsoft-Windows-Sysmon/Operationalwin-host-243-SetValue2021-06-04 14:23:39.614{3F3E08E7-F094-60B9-0B00-00000000C501}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d75955-0x97f93b6e)
11241100x800000000000000077769Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:39.049{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077768Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:39.049{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D335A25E2BDE4EEF3E845F7F47588BC9,SHA256=610F311155E87D5C794709CD12986F92DA74188C7C44AC14F4A1D793B517E412,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075538Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:40.180{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A12EF7E95ECC5BD4F0807E85F2D3E224,SHA256=513485272E23D1665A11B59EC78A33CD7C5D3E7DEF8080825EF7BABCB21E68BA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000077784Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:40.926{3F3E08E7-FC3E-60B9-3405-00000000C501}952WIN-HOST-243\AdministratorC:\Windows\Explorer.EXEC:\Temp\test\terraform_1952209274.cmdMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000077783Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:40.926{3F3E08E7-FC3E-60B9-3405-00000000C501}952WIN-HOST-243\AdministratorC:\Windows\Explorer.EXEC:\Temp\test\revil_001C0000_9a.7z.2wcqrp67MD5=8BF79B303CB65F88B31E078D2FE48F2F,SHA256=16CD335FA55866C8BAE58E0F18713493475BA8C926153107DA2AAF714648F65B,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077782Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:40.426{3F3E08E7-FC3D-60B9-2F05-00000000C501}37522884C:\Windows\system32\taskhostw.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
11241100x800000000000000077781Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:40.161{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077780Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:40.161{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68BFF0B26A54AA47E30DFC314AFF9288,SHA256=0A88C04DC05EFBC5267E7B04B395E440F78ABF39CA94B0E36B47CA6ABEF3D6C0,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000077787Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:39.858{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53544-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
11241100x800000000000000077786Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:41.379{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077785Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:41.379{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47919128F785BDB92B17A75BA8F8D2AF,SHA256=4E324CCC936C21A2016181E77FE2075E99FC8EA365B3C067AFCD98DAB85E9FEB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075539Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:41.211{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD26260D3E177E3C134BA944CAE13E7D,SHA256=3CA3D45CE7B81ACB0A5DD933E79C638A62EB2B2BA8AD5F5B35C5542D9176A5E7,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077790Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:42.723{3F3E08E7-FC3D-60B9-2F05-00000000C501}37522884C:\Windows\system32\taskhostw.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
11241100x800000000000000077789Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:42.426{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077788Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:42.426{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B7FC94915EA33BF3DCC4C8201A3765F4,SHA256=22832D2EC90EC1F12B6DB75A2C3F5EFB2ABCE00BECC645A2EC5DF76F3B604EC4,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075541Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:39.422{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50622-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000075540Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:42.274{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE2BEF4D5D4E50471A9F7A8753067A9A,SHA256=6BD6A1F301BBA38F357DC3FEDF567908F41BD5F53F9D0C0D9768AA68108CFFAA,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077793Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:43.614{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077792Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:43.614{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46603E8475CD5F1EFA3D007E0D29C67C,SHA256=F2E347F10B9BA78D9AA4F55792E63F8B42D67319648C6D8676DC70388D410AD1,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075543Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:40.342{89999F75-EED0-60B9-0F00-00000000C401}308C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse104.248.36.610.ent.x64.eval.us-english.gz-s-8vcpu-16gb-amd-fra1-0155663-false10.0.1.14win-dc-392.attackrange.local3389ms-wbt-server
23542300x800000000000000075542Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:43.305{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E9233B38FC89EE2135A132F716B38E8,SHA256=25A180B30AB57BEB3CBE80AC042DE89BFD7AE4AC7EB71521CD47FEA4FF7861A0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000077791Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:43.129{3F3E08E7-FC3E-60B9-3405-00000000C501}952WIN-HOST-243\AdministratorC:\Windows\Explorer.EXEC:\Temp\test\2wcqrp67.htmlMD5=7783435AA9802F6E740EA0F45ADFAA81,SHA256=72CADA5B401CBCC8CED1DCA313F4F9143EFCC71E539DBC5917E5B9F3CACB8528,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077795Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:44.629{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077794Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:44.629{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C841E6F18A64822FA329AD4D4F8D542A,SHA256=DF1E7BC037E31F8FECB01DB69E757482AFFA87EE19EC6F307CDF613511C4375F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075544Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:44.321{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B7A382A417F0401D8EDBA056A81E2FE5,SHA256=6F1631F2193E513205D9F76EA8FA43CB9DCFC491DD3D51BEF1A18CEF9FC0AC7E,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077797Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:45.661{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077796Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:45.661{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=105194D142067F66F299C48742262903,SHA256=58AB5ABCDBB1C9853900530F2B124DDB9A7D1ED6071C36D31028AC14601FA455,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075547Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:45.323{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04037774BE67E51265DD3E60D9340668,SHA256=A2B84BC7352BCE6A108A20988B4718F3DDA18F9CB4EB9A889F201BB9A68B20BD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075546Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:45.180{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D8FC5E6FA7533CB77EC12C742107E42A,SHA256=D1BCC58B2B877538AE02D99996807258BF8582DD0FAC2D76846B7696152E63A2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075545Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:45.180{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0A3162251234E88DF5CCFB5B270310EB,SHA256=73B8EF9F3E4C0AF7B1FCBF8814A3EB2F297D81C24D719FDE985C64A511DC0C14,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077799Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:46.801{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077798Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:46.801{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD148AC2487A79DF0A7068DECAF51327,SHA256=22CD011C30FDA6447F770F9BEF22AF9BC7F45AFD109F013A583E22A40D533B11,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075548Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:46.368{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4CC98E6E6C556C5B0BF696A86A3D7E59,SHA256=E07B8DB2D94113D4FEAEBDA8D0D668D61C560D7B068326F649A7E65FA01EE778,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077802Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:47.817{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077801Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:47.817{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9351CDFB0EEC990D220FD19A9D36A8C7,SHA256=1B658B390E6CFB74DB2B77B6090B0AD87079992A49EEAF6162284248ED2C326E,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075550Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:45.219{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50623-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000075549Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:47.586{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9416590A715EA22A0C4D88A28A368EB5,SHA256=47A5CF1FEAE91C4B8842CFA2D4E4B3B3DD7516A9E9A9A8DDEED797F5CF208AE4,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000077800Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:44.967{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53545-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
11241100x800000000000000077805Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:48.832{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077804Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:48.832{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C34CE118409DC36B6423C7A5A287325B,SHA256=1D90AC656936C75B2ED432B487F31B4F9EF2DA794B517D9379A8E805587AB6E9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075551Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:48.696{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97B8C4968A080B3DC9048F11CA01D653,SHA256=63B7FBAE5EDD8C467DFCE89402B0A8FBC12BD9B43C1739077F91F68DC65B7493,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077803Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:48.317{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXEC:\Temp\test\terraform_1952209274.cmd2021-06-04 10:58:43.801
23542300x800000000000000075552Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:49.727{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BF50D09888716D9570D4E3919797205,SHA256=2E60E743009CAC24686ED143581F8C716BC497ED31853A2EBC080E849F2A846B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075553Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:50.743{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=916DE1AE1966CC12C5B146FE39C0E81F,SHA256=540C662239E755571B0622DDEFCB83BF5B16FCBEC5E8DEAC0A3DB4F7A86322A5,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077809Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:50.379{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xml2021-06-04 09:23:23.209
23542300x800000000000000077808Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:50.379{3F3E08E7-02DF-60BA-6306-00000000C501}4144NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=E787AE74F389A1BD79FA5CAE42113AF9,SHA256=75A92A74657C280F5B2D1AEF350C3E4430D673CECFA873EAFEE8F06028F98FC6,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077807Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:50.020{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077806Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:50.020{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73E73D0B26B7BE35665DD8DAA3D9CB3B,SHA256=5A06860074F6C957ABD353D6223C12DAA2A15E6593D3D41D6A75A63EE413202D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075555Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:51.758{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D35C90006694B395FF9AEE8B85590609,SHA256=007287ACEC51FE2370796033F812B9ECB1731D20FAC9A12A07B67F21BE57DD91,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000077812Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:50.123{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53546-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
11241100x800000000000000077811Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:51.036{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077810Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:51.036{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=912BEA93C022A8488C715AA1089F9740,SHA256=2673EBAEBECC9A468A8BFC9CCADBA93AA4E8E35680F4CF80F06D28F58BD550BB,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000075554Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:51.540{89999F75-EECE-60B9-0B00-00000000C401}6241952C:\Windows\system32\lsass.exe{89999F75-EECB-60B9-0100-00000000C401}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e
23542300x800000000000000075558Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:52.774{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F6E69A210183517634E45361B5E51AB,SHA256=ED119EF8DD5035E3803B79B2C149B68C492DD9EC941FF636DBD9C5F401F16746,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000077815Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:50.982{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53547-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
11241100x800000000000000077814Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:52.067{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077813Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:52.067{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F712265D8CE656911DA14E3FF281EAA,SHA256=14B1CA18FE6EEFD1CFA49B0175B27121003019549DE96F0E404607ECFAA4248A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075557Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:52.618{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=10FBFE626FADB129ABD586867B3C3BD7,SHA256=189157851A4BB21C33C751ECD1BFADF32A3B8B2B172550BD70627B0A3524027A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075556Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:52.618{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D8FC5E6FA7533CB77EC12C742107E42A,SHA256=D1BCC58B2B877538AE02D99996807258BF8582DD0FAC2D76846B7696152E63A2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075564Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:53.821{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=119F02FE883D70557A9C724B9058372B,SHA256=54DC653B69D993382FD8F0FB1B24223D469556D625595C1A5695CC677B1E78ED,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077817Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:53.098{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077816Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:53.098{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F684D8B817656962646A8E2179F302C,SHA256=3BB9117C704347A41110357788DB73F3AE2BF4638DA6E3EB695116A7FE6FF227,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000075563Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:53.133{89999F75-EED0-60B9-1600-00000000C401}12524616C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2A00-00000000C401}2948C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075562Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:53.133{89999F75-EED0-60B9-1600-00000000C401}12524616C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2A00-00000000C401}2948C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
354300x800000000000000075561Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:50.720{89999F75-EECB-60B9-0100-00000000C401}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:3c4a:8b18:68f0:a4d8win-dc-392.attackrange.local50625-truefe80:0:0:0:3c4a:8b18:68f0:a4d8win-dc-392.attackrange.local445microsoft-ds
354300x800000000000000075560Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:50.720{89999F75-EECB-60B9-0100-00000000C401}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:3c4a:8b18:68f0:a4d8win-dc-392.attackrange.local50625-truefe80:0:0:0:3c4a:8b18:68f0:a4d8win-dc-392.attackrange.local445microsoft-ds
354300x800000000000000075559Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:50.250{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50624-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000075565Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:54.868{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDC9A0B2EEBD5F9B964545DC57DF6F67,SHA256=5EB7AB93F104A48004D4CD94C72AAA468132DA2E2CFA105F5FE14EE3CCBD69A1,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077819Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:54.145{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077818Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:54.145{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE83EA8C715B35066DA2BFBA238ADE2C,SHA256=92F3882076DE6A096C1A1B21FE59E15D61FB45B639B8692A08E6ED86E80F1456,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075567Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:55.899{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02E9BCEB43B3AC692F24C4ED4702A47A,SHA256=074CA99ECA44D58FAE96FDFFDAF1BCD54BF9C82E564EB0E8325938CA4C663640,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077821Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:55.161{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077820Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:55.161{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8686384069E69C22551B2275CA59710C,SHA256=63AAD7DA4903850D8BAC47B5D927C5C2FD3A0F7C9718B995E0CEA8694EBC37D8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075566Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:55.477{89999F75-EED0-60B9-1100-00000000C401}376NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=A15B7C7CCE4AF0A8D4D3A4F3096913D3,SHA256=C2CFC8F27FD1E63233A8393B22DAC4FD9B6EC806064050B305E46A7C58EE78C1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075568Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:56.915{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7FA013B3501A6EBCEC21814971FB140C,SHA256=690D4C7B4098610E682DB4B8AB731232815325CF826F5E5F9E295FB78B866E18,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077823Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:56.192{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077822Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:56.192{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79A030E020EB1CB91315436E4BF5E01D,SHA256=EE770335F5763CF9449B0643DFBE30B7F62B8C731BC483FDD07E8706D00C648B,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077825Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:57.223{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077824Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:57.223{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=376FB1597920FF95F9795705E8C2C76A,SHA256=3E951EBE1D995F66B08EA52D6AB5DDD18BA51B93C239A1E50EDC677D61438176,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000077858Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:56.764{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53548-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
11241100x800000000000000077857Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.582{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077856Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.582{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=907E875C84722266CA5707FB8E39672B,SHA256=D632C96802057A72F35A3E248A4E5A84D7F897FEFACE9596A29E9723F0F484A2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075569Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:58.133{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2367C77BF512F34C90328401B237198C,SHA256=23ED2587A4A8D1DEF7254C5E71AE1F1F2E879B9701207234B57D494A2056B909,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077855Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC43-60B9-4205-00000000C501}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077854Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC43-60B9-4205-00000000C501}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077853Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC43-60B9-4205-00000000C501}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077852Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC43-60B9-4205-00000000C501}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077851Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC43-60B9-4205-00000000C501}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077850Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC43-60B9-4205-00000000C501}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077849Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC43-60B9-4205-00000000C501}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077848Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC43-60B9-4205-00000000C501}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077847Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC43-60B9-4205-00000000C501}4188C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077846Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077845Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077844Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077843Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077842Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077841Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077840Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077839Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077838Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077837Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077836Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077835Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077834Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077833Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077832Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077831Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077830Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077829Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077828Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC44-60B9-4305-00000000C501}4364C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077827Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC44-60B9-4305-00000000C501}4364C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077826Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:58.036{3F3E08E7-F094-60B9-0D00-00000000C501}776808C:\Windows\system32\svchost.exe{3F3E08E7-FC44-60B9-4305-00000000C501}4364C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
11241100x800000000000000077860Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:59.821{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077859Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:23:59.821{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71DEB1D9ED0136663547E61AFCAB4476,SHA256=41A6240C1F7278780124EB60079CD4F415BE15E66F105CC165D74AE1D6D2D275,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075571Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:59.149{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01BC437EEF872B74B76F541895D8879A,SHA256=B09974ABB451FB27592E2B1203EFF05D481F52387BCBA9C8D174B6B7057527F0,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075570Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:23:56.297{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50626-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
11241100x800000000000000077862Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:00.853{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077861Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:00.853{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A1D10755312BE6038ED80B08423E966,SHA256=F0E0B1D28CF657BDBD64EF35D540890E5243037864802D37F617825F87F0FA06,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075572Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:00.154{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99A5FFBB01CEED7A58314FF96AE104CB,SHA256=260A6499359867933BCD551F5C61A849D9CB1D9EFEE0DF7595CB065390887F78,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077864Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:01.884{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077863Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:01.884{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8FBD40FBB9D1BCF21B4D5539AD72A1ED,SHA256=E2CCCEA7998B68EC8A2C5B3E99E0BA0D6D4A32CB1F9C5918803473A3FF590AA8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075573Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:01.169{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B71065766D5D8C64F61C28A53D7BDF3D,SHA256=4722962CE68BF3258A4079E9993ED729BC498038382D8F30962ED0F154C43B0A,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077866Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:02.900{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077865Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:02.900{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1857FA7E09A0D0C3A1EF2C9546E6815,SHA256=F2B94067C384FB701D68B139A1430A0D6D20CDBBCD957C8114C7386026E35E73,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075574Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:02.185{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D0309103A0280F68BE1C1D024C10689,SHA256=2A66C8953D015248CEFE1184E3A3B527232F1CF6A8DA5B5A8BDE2303A9E269C4,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077868Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:03.978{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077867Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:03.978{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06420F4BF9424CCE4679D60E6BF8A082,SHA256=BD3D8116CA7C00E7D5D30816223C877E0E6D16026646D8FAFE8571BB8D272777,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075577Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:03.325{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=05E31E910C6F6557FD0E2E14577FDB14,SHA256=F241420D4B3F7C6D47AF6149C3ACA69C9A37A0B6AF120126918A126953AEE78A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075576Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:03.325{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=10FBFE626FADB129ABD586867B3C3BD7,SHA256=189157851A4BB21C33C751ECD1BFADF32A3B8B2B172550BD70627B0A3524027A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075575Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:03.200{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47B7471B76D5A98E161EBB349ECDEB4B,SHA256=F0929D93C06420849A67A58A77FA757A4B07AFF02E77F9FD0EA818FBEBCA5ABC,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075579Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:01.301{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50627-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000075578Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:04.216{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=055F975CE1125A79C4E0D8BA30A50C05,SHA256=FBF94B9E6EDB72D83B09CE118D7F5637C0104435E93AF2E07F82F3B5A988ABB5,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000077871Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:01.987{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53549-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
11241100x800000000000000077870Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:05.025{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077869Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:05.025{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE0584530E9C23B6ACC5B4A1C05C21D0,SHA256=CB7154CC8CF40C5746D8EE237EE17013CE7769BAEA98C5C279A7192734EE4E94,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075580Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:05.232{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4350E7BD283110F7C43D366B80C0A04A,SHA256=A59679383AAFD253FC6B3BA1FCDCB9ED5922EB599193BC69CBBB50BBF5CFB6AB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075581Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:06.247{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC902E05AE5B73F0D164B5C65DE61664,SHA256=DD9FE8B50702243AC13F003FE283AFE34AFD51E0B0250978BB5392C9E46E0E7E,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077873Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:06.040{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077872Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:06.040{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEA62A53AF973DC275D526BE7D53154C,SHA256=AA3A2094E6097E3C3D6CDC41DEEC07F8E5AEF07926AE0A6A5486230AD6EC4B74,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075582Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:07.263{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=166CBF21F0F9B15F2E3668D93720A834,SHA256=1576DD9A58EDDCEFE3CAD22E84AB7EB981C495D2F02BFE79D1AE48F31377E1DF,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077875Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:07.056{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077874Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:07.056{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5FFCE7E1F86CEF52AE456936FC992792,SHA256=22CFD69E59E61D2C62084A16A3159A8A6213F4CBA54F2D8E0363E77021F1E66B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075583Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:08.279{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C970B5AC703D5C1A36DAFF75EE79FF6E,SHA256=ADD43647D6C89C0CA6788FAFB17F0952137915E6A4D9A273E35108C395944F23,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077877Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:08.056{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077876Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:08.056{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A90B84CC403EF652A87191BFBB30FF54,SHA256=497C05FF940B5CE73407B96BBB58E0EA927AC9DE76AC26E63B20067BC243BE77,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077879Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:09.087{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077878Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:09.087{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69E6567DA2C32693EE38C6948744D068,SHA256=21C650985D110804C23FE5BABA5BF0E103AFB0CC95B0A231E55D1C5A7B0E01F5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075585Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:09.294{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A40D699521A2496DC0F5F48F5173F27,SHA256=CCB0A0DFE955032800D61696D52AAF5F886E5057BA7233B882E9A6A136546186,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075584Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:06.333{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50628-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
11241100x800000000000000077882Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:10.103{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077881Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:10.103{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58BA7F85DAB118CA08709F0F66F413AF,SHA256=CBB1B518C2282BEEE2356A64C5D8E29D2B11FAFB4F7E624DDA342B52AF1AC8F0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075586Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:10.310{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE70633E4468BC280709251223667745,SHA256=33F3364B7D6337BE3173E37F341BA16B2E9DA2BD20B2CCD0973BE4F6FC860272,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000077880Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:07.971{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53550-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000075587Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:11.325{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=910D2AD81BB5BD077752152BA2411C03,SHA256=3228BB206BFABA35285BC809F58188718893D6A6C04775FCB8C0D133EE2E1EB2,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077886Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:11.212{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077885Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:11.212{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB27155CD8C2E20DA03E3B6ECD73298F,SHA256=55A687B7D0B1E4988084AF7FA307D6D7F4E9C23A1EBF2253F3B3200FDAB0D176,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077884Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:11.118{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXEC:\Temp\test\license-eula.rtf2021-06-04 14:24:11.118
11241100x800000000000000077883Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:11.118{3F3E08E7-FC3E-60B9-3405-00000000C501}952C:\Windows\Explorer.EXEC:\Temp\test\openssl.cnf2021-06-04 14:24:11.118
23542300x800000000000000075588Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:12.327{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=272BF71E23B74D18FF83B215ACB89048,SHA256=C84137F416B91E041211F13DE71A785AF0632A6EE93BFA847BF7CFFF21867B61,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077888Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:12.243{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077887Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:12.243{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=620C73AB33EB8295A930846AD6484B88,SHA256=3BB97137A80AF8E5782C18A7A20586CC341767B497D76520EBE40720E1B7BD49,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077890Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:13.275{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077889Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:13.275{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A555D2E6566285CE6CD91668C8B5A9CA,SHA256=0B9D2B1030F67D3F3203A83FD99C16D89646C7FA974CF636A0D60D8FA1014F4A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075589Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:13.327{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93367A8EFFE22D0E4D655FEAD1D6A390,SHA256=40F4B7D55DCD657AA0F7FEE4CD52EC95C1D40507C959368438E57C9F91092848,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077892Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:14.290{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077891Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:14.290{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2162E5F79498FDFA06FE2D2AB2AA4A1,SHA256=5030F11110596AD108510185A9F214D865D2082535B3EE5FD77471837B6878AB,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075592Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:12.365{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50629-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000075591Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:14.343{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12BE6B59A9320B4D2B08F23CA2727101,SHA256=C2A2FA8805ED6B51D1CA892126D9D2BA84FA96963C867241D1A24C96C3CCF4D8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075590Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:14.264{89999F75-EEE0-60B9-2D00-00000000C401}2980NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=E787AE74F389A1BD79FA5CAE42113AF9,SHA256=75A92A74657C280F5B2D1AEF350C3E4430D673CECFA873EAFEE8F06028F98FC6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075593Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:15.358{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D7C3AAF4E2C4BB479AC0A6C609B47C1,SHA256=21BE2F3435712898D2198F92BD9440D83A6E23DD5AEC02B0C31DBBA6DAA7C6BA,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077894Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:15.306{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077893Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:15.306{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B81A1AFDAC334DCD1CC228AB784B7A0E,SHA256=FE4C5C0A4B9716B906C077A80C7FBE2F388FCA37BD90C59A269B165C6DC53328,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075595Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:13.428{89999F75-EEE0-60B9-2D00-00000000C401}2980C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50630-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
23542300x800000000000000075594Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:16.374{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21B10FB4B234F8B3E82BF5185A90BF0F,SHA256=9974764F9446FC6680AA075D9056FEB3A99A7FAC8AAB0F2B97A6F118D3DB28CB,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077897Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:16.321{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077896Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:16.321{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C8AD7DF367EAA3B49A22A758FCBF9E4,SHA256=F4D6D0AD77352778B9B6B2433D3E89D783FD9E8CA64388EB015B50905F342ACB,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000077895Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:13.799{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53551-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
11241100x800000000000000077899Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:17.337{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077898Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:17.337{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9243F375209B903C062D5DA159FB0731,SHA256=7D535F15B4AB529ED5E756D62FBBAEDED0700DB3BF7B94C646E5008FDABC37D3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075596Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:17.374{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C216F1E5BA945C1B865A4BBB8566BE2,SHA256=3604F0F5808073916CD9887ED5A99888B59E39508EB9A17C9FEC176828AAE337,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077901Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:18.337{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077900Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:18.337{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2545ECC041DFEA97D4A4B2AD290FEFD9,SHA256=C64E18590EDE913B8DB3323F9F186764125194410BD74134ABC520669D9AAD94,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075597Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:18.389{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97ADD37BB6A38342545D869B19BC794A,SHA256=97A953475B3B7DE7C8C88960C8669617600F921669940382F16EAB69DC0DF30E,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000075611Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:19.781{89999F75-EEE1-60B9-3700-00000000C401}34083428C:\Windows\system32\conhost.exe{89999F75-3793-60BA-D50D-00000000C401}2024C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075610Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:19.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075609Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:19.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075608Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:19.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075607Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:19.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075606Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:19.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075605Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:19.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075604Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:19.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075603Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:19.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075602Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:19.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075601Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:19.781{89999F75-EECD-60B9-0500-00000000C401}408424C:\Windows\system32\csrss.exe{89999F75-3793-60BA-D50D-00000000C401}2024C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000075600Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:19.781{89999F75-EEE0-60B9-2D00-00000000C401}29803556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{89999F75-3793-60BA-D50D-00000000C401}2024C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000075599Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:19.782{89999F75-3793-60BA-D50D-00000000C401}2024C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{89999F75-EECE-60B9-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{89999F75-EEE0-60B9-2D00-00000000C401}2980C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000075598Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:19.405{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF4BDB231480D4827DAEFBAAC2CFE525,SHA256=468AA3E95D4D5E9A1979A8E612BBCDAB2A41DF63FAF4E8018DEA0E5932902928,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077903Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:19.353{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077902Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:19.353{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CAB8A1246D7076F00B4319F374EABFDD,SHA256=903FE49B5CA710983A037702617A98A4465B4291F17825507C227E84E61B9441,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075642Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.797{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C40C9CCB896D338597D7C64E09E8185D,SHA256=B279B1E23EACE69789C33DD0F8CD55D9CBE6FF6B19D8AD3B3568FA6D0C6CD84D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075641Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.797{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=05E31E910C6F6557FD0E2E14577FDB14,SHA256=F241420D4B3F7C6D47AF6149C3ACA69C9A37A0B6AF120126918A126953AEE78A,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000075640Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.781{89999F75-EEE1-60B9-3700-00000000C401}34083428C:\Windows\system32\conhost.exe{89999F75-3794-60BA-D70D-00000000C401}5060C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075639Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075638Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075637Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075636Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075635Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075634Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075633Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075632Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075631Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.781{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075630Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.781{89999F75-EECD-60B9-0500-00000000C401}408524C:\Windows\system32\csrss.exe{89999F75-3794-60BA-D70D-00000000C401}5060C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000075629Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.781{89999F75-EEE0-60B9-2D00-00000000C401}29803556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{89999F75-3794-60BA-D70D-00000000C401}5060C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000075628Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.782{89999F75-3794-60BA-D70D-00000000C401}5060C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{89999F75-EECE-60B9-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{89999F75-EEE0-60B9-2D00-00000000C401}2980C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000075627Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.688{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9A8283F5F226CA109F13107DBD5D60C,SHA256=1B422E86F6EC8EC9F709FF5C43DF28355202E8A929938821FC10FA04B39324D3,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000075626Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.610{89999F75-3794-60BA-D60D-00000000C401}27004912C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{89999F75-EEE0-60B9-2D00-00000000C401}2980C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
354300x800000000000000075625Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:17.381{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50631-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
11241100x800000000000000077905Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:20.356{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077904Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:20.356{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81B682A23699D547A0AEF7C512316FC7,SHA256=CDD39393495D74BA013F6D4AB57A2DEEA50D04E83D8B873D9843A590DE4E5960,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000075624Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.281{89999F75-EEE1-60B9-3700-00000000C401}34083428C:\Windows\system32\conhost.exe{89999F75-3794-60BA-D60D-00000000C401}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075623Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.281{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075622Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.281{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075621Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.281{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075620Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.281{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075619Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.281{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075618Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.281{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075617Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.281{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075616Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.281{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075615Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.281{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075614Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.281{89999F75-EECD-60B9-0500-00000000C401}408424C:\Windows\system32\csrss.exe{89999F75-3794-60BA-D60D-00000000C401}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000075613Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.281{89999F75-EEE0-60B9-2D00-00000000C401}29803556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{89999F75-3794-60BA-D60D-00000000C401}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000075612Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:20.282{89999F75-3794-60BA-D60D-00000000C401}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{89999F75-EECE-60B9-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{89999F75-EEE0-60B9-2D00-00000000C401}2980C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000075657Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:21.987{89999F75-3795-60BA-D80D-00000000C401}36122816C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{89999F75-EEE0-60B9-2D00-00000000C401}2980C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075656Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:21.799{89999F75-EEE1-60B9-3700-00000000C401}34083428C:\Windows\system32\conhost.exe{89999F75-3795-60BA-D80D-00000000C401}3612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075655Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:21.799{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075654Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:21.799{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075653Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:21.799{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075652Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:21.799{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075651Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:21.799{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075650Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:21.799{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075649Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:21.799{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075648Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:21.799{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075647Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:21.799{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075646Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:21.799{89999F75-EECD-60B9-0500-00000000C401}408412C:\Windows\system32\csrss.exe{89999F75-3795-60BA-D80D-00000000C401}3612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000075645Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:21.799{89999F75-EEE0-60B9-2D00-00000000C401}29803556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{89999F75-3795-60BA-D80D-00000000C401}3612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000075644Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:21.800{89999F75-3795-60BA-D80D-00000000C401}3612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{89999F75-EECE-60B9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{89999F75-EEE0-60B9-2D00-00000000C401}2980C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000075643Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:21.547{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB5BB0CB71EA9FD5D82B7F18D0E87E31,SHA256=991C4F379058BDF702110AC0E57414CDE03B0B0FCF9108376900886829FA31BD,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000077908Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:18.815{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53552-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
11241100x800000000000000077907Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:21.403{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077906Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:21.403{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EAF482FF906E3A994E98FEAC9DED2563,SHA256=08EF9DE76C7C402F28641FEBB3C285681456FFBEEAADF75310A62734D0FA88BE,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000075671Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:22.706{89999F75-3796-60BA-D90D-00000000C401}47561568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{89999F75-EEE0-60B9-2D00-00000000C401}2980C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
11241100x800000000000000077910Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:22.418{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077909Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:22.418{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E7DA96E32EC9D76496237A1D25159C4,SHA256=6DA0639091A3C7250A14FF44ECD1DF547AF28624EFDD7BA24269C9CD67AAA578,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000075670Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:22.471{89999F75-EEE1-60B9-3700-00000000C401}34083428C:\Windows\system32\conhost.exe{89999F75-3796-60BA-D90D-00000000C401}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075669Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:22.471{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075668Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:22.471{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075667Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:22.471{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075666Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:22.471{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075665Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:22.471{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075664Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:22.471{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075663Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:22.471{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075662Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:22.471{89999F75-EECD-60B9-0500-00000000C401}408524C:\Windows\system32\csrss.exe{89999F75-3796-60BA-D90D-00000000C401}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000075661Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:22.471{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075660Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:22.471{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075659Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:22.471{89999F75-EEE0-60B9-2D00-00000000C401}29803556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{89999F75-3796-60BA-D90D-00000000C401}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000075658Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:22.472{89999F75-3796-60BA-D90D-00000000C401}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{89999F75-EECE-60B9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{89999F75-EEE0-60B9-2D00-00000000C401}2980C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000075674Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:23.865{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=993C8A75C9978B30856209271D83D8BA,SHA256=49154D5CD873AB5085F943786BE4023BD5D03AABB7E307B2E16587E802E6303F,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077912Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:23.481{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077911Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:23.481{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CB20B1E27980799878297B2DC8ED332,SHA256=617CC4789EE624797869F34EDFF5557FC9285AD01D96BF6DFDA4589B54AE0CDF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075673Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:23.068{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B06FF006B3B4014C50C10F3056FF21DE,SHA256=545C67327B18EDE4BF87C5AF6D72C3EAD774635B4490FCEE101D692869C97D04,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075672Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:23.068{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C40C9CCB896D338597D7C64E09E8185D,SHA256=B279B1E23EACE69789C33DD0F8CD55D9CBE6FF6B19D8AD3B3568FA6D0C6CD84D,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077914Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:24.715{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077913Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:24.715{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25C19900BFB1F0346B698805031711D6,SHA256=353A1A08EBFD66520C75F29458E4666CEA0D37B94D281BF4C99C3532F3838044,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075691Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.880{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D88DD51F1E880490835A79F97FC2E1E6,SHA256=F43C0504F545BFEA76EB6013B79710F001395E0A070AC06F7D99E09044EAE500,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000075690Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.661{89999F75-EEE1-60B9-3700-00000000C401}34083428C:\Windows\system32\conhost.exe{89999F75-3798-60BA-DA0D-00000000C401}416C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075689Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075688Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075687Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075686Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075685Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075684Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075683Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075682Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075681Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.661{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075680Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.661{89999F75-EECD-60B9-0500-00000000C401}408524C:\Windows\system32\csrss.exe{89999F75-3798-60BA-DA0D-00000000C401}416C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000075679Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.661{89999F75-EEE0-60B9-2D00-00000000C401}29803556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{89999F75-3798-60BA-DA0D-00000000C401}416C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000075678Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.662{89999F75-3798-60BA-DA0D-00000000C401}416C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{89999F75-EECE-60B9-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{89999F75-EEE0-60B9-2D00-00000000C401}2980C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000075677Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.552{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1500-00000000C401}1208C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075676Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.552{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1500-00000000C401}1208C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075675Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.552{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1500-00000000C401}1208C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
11241100x800000000000000077916Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:25.949{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077915Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:25.949{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A32F29154F8274BEE04B4431B2A9F0D,SHA256=9FB97E4FA3CA1CE2C5D82FA12019C0644A281B7562B5D7CDF44559C4CE0E374F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075708Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:25.927{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E626C4FA96ACBDE3BAB0A8453F94653,SHA256=09671681324350E1DB4555A94E44706F5A62F5BA6156E3DA9D08E1ED23FF4EEE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075707Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:25.677{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=404949702A0D1684EDC9FA11021C8CE6,SHA256=A96A4830A0C99C01374041D9A3A1AEE0A59E1E973CF89B0E9A0F71C657B117F9,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000075706Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:25.521{89999F75-3799-60BA-DB0D-00000000C401}6323068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{89999F75-EEE0-60B9-2D00-00000000C401}2980C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
354300x800000000000000075705Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:23.356{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50632-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x800000000000000075704Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:25.333{89999F75-EEE1-60B9-3700-00000000C401}34083428C:\Windows\system32\conhost.exe{89999F75-3799-60BA-DB0D-00000000C401}632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075703Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:25.333{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075702Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:25.333{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075701Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:25.333{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075700Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:25.333{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075699Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:25.333{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075698Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:25.333{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075697Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:25.333{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075696Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:25.333{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075695Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:25.333{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EEE0-60B9-2C00-00000000C401}2964C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075694Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:25.333{89999F75-EECD-60B9-0500-00000000C401}408424C:\Windows\system32\csrss.exe{89999F75-3799-60BA-DB0D-00000000C401}632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000075693Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:25.333{89999F75-EEE0-60B9-2D00-00000000C401}29803556C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{89999F75-3799-60BA-DB0D-00000000C401}632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000075692Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:25.334{89999F75-3799-60BA-DB0D-00000000C401}632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{89999F75-EECE-60B9-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{89999F75-EEE0-60B9-2D00-00000000C401}2980C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000075711Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:26.958{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C98C6ABD09EBC2614DAC4E72D1B724C8,SHA256=27E2727960576FB032FBDCCD2993C8341E59E8F50AFC07DFCE3C3B4CBCF139FF,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000077917Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:24.005{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53553-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
354300x800000000000000075710Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.434{89999F75-EECE-60B9-0B00-00000000C401}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-392.attackrange.local50633-true0:0:0:0:0:0:0:1win-dc-392.attackrange.local389ldap
354300x800000000000000075709Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:24.434{89999F75-EEE0-60B9-2800-00000000C401}2932C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-392.attackrange.local50633-true0:0:0:0:0:0:0:1win-dc-392.attackrange.local389ldap
11241100x800000000000000077919Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:27.106{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077918Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:27.106{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A58A2D590738873DF938A2479EFB59E1,SHA256=6A44032483D21008585ED8ECB6BCAA2ABC2BA1263D2715D246D5CF40127B936D,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077923Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:28.387{3F3E08E7-F094-60B9-1100-00000000C501}968C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat2021-06-04 09:22:24.815
23542300x800000000000000077922Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:28.387{3F3E08E7-F094-60B9-1100-00000000C501}968NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=8744B3A9E93A715A3048C886323EEA55,SHA256=C2EFCCC9952EB858E85B9A00AFBB9348FE39CB04104D8F108EC1DEAC0FB72F4F,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077921Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:28.121{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077920Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:28.121{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88F18F99E7826ACE84935381B229119A,SHA256=039065623333AFB4383614EEEA86B691FEDC5EF5613D74338B5D60D560243099,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075712Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:28.193{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C184B9DD24030F003E7F20B9ABFFBFA9,SHA256=114E8CD39520250AF159B392A101E54B5AD03B454B8B29D30A721D1DCC43CA30,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077925Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:29.168{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077924Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:29.168{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=207A459BBDD36707200DD37D5149C970,SHA256=E560ED236245CE066F421B2DDF66F2BAF5E9FC764386B65B03652EC74767B53D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075713Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:29.208{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7456D8F4CAAEEB53D71BD03078A69FE4,SHA256=6415F94B7C0D4C157298944C119B2EEF84019C343D780A3DE3DA2CED0F04F890,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077927Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:30.185{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077926Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:30.185{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5DB02EEAE9CC3F8A54AC851DA901F511,SHA256=3590A8CFC402A831ABD86BF291BE912A911A3150352AD77A1F388B0EDA99B607,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000075730Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.958{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075729Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.958{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075728Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.958{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075727Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.958{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075726Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.958{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075725Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.958{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075724Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.958{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075723Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.958{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075722Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.958{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075721Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.958{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075720Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.958{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075719Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.958{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075718Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.958{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075717Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.958{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075716Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.958{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
354300x800000000000000075715Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:28.371{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50634-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000075714Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.224{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0306F209DE0F66D4C34F4291729694C8,SHA256=65D065788294017BA1DC20873DF8F3CE3FFB1440CA76EE84000ABA5ADD557CE6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075735Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:31.239{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60CA99ACDF2B70F2C1D6D0EA578B00DF,SHA256=E8FBE0EE48EF4C8EDDC8C3040E2E3FD0A035E707C355245C779056727962D5F8,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000077930Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:29.772{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53554-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
11241100x800000000000000077929Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:31.264{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077928Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:31.264{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91086D8126F938744EAF2B13E406A1A2,SHA256=FE7EB906C8BE23044CDC3E0CAC08B5F38FC99D96CB34021828B434523627BF2F,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000075734Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:31.068{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075733Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:31.068{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075732Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:31.068{89999F75-EECF-60B9-0C00-00000000C401}8444968C:\Windows\system32\svchost.exe{89999F75-EED0-60B9-1400-00000000C401}1068C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000075731Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:31.068{89999F75-EECE-60B9-0B00-00000000C401}624712C:\Windows\system32\lsass.exe{89999F75-EECB-60B9-0100-00000000C401}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e
11241100x800000000000000077932Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:32.283{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077931Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:32.283{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F62AC1AD0B1E571E9880D55C4791456,SHA256=98B4811BE21E7E4D73E3429DD88F72A92B8E7BA722018700E3777F55A66C3EC6,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075744Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.250{89999F75-EECB-60B9-0100-00000000C401}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:3c4a:8b18:68f0:a4d8win-dc-392.attackrange.local50637-truefe80:0:0:0:3c4a:8b18:68f0:a4d8win-dc-392.attackrange.local445microsoft-ds
354300x800000000000000075743Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.250{89999F75-EECB-60B9-0100-00000000C401}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:3c4a:8b18:68f0:a4d8win-dc-392.attackrange.local50637-truefe80:0:0:0:3c4a:8b18:68f0:a4d8win-dc-392.attackrange.local445microsoft-ds
23542300x800000000000000075742Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:32.271{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52728257084E9287424CF6A0F8B9EEAB,SHA256=FDB541FBD1645AAD512E7D40E20791B493AE3F3C36E0F6452C274FAB0321044D,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075741Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.149{89999F75-EECE-60B9-0B00-00000000C401}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-392.attackrange.local50636-false10.0.1.14win-dc-392.attackrange.local389ldap
354300x800000000000000075740Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.149{89999F75-EED0-60B9-1600-00000000C401}1252C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50636-false10.0.1.14win-dc-392.attackrange.local389ldap
354300x800000000000000075739Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.141{89999F75-EECE-60B9-0B00-00000000C401}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:3c4a:8b18:68f0:a4d8win-dc-392.attackrange.local50635-truefe80:0:0:0:3c4a:8b18:68f0:a4d8win-dc-392.attackrange.local389ldap
354300x800000000000000075738Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:30.141{89999F75-EED0-60B9-1600-00000000C401}1252C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:3c4a:8b18:68f0:a4d8win-dc-392.attackrange.local50635-truefe80:0:0:0:3c4a:8b18:68f0:a4d8win-dc-392.attackrange.local389ldap
23542300x800000000000000075737Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:32.005{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=971E1CFBDE82F294FC4834C06CF72787,SHA256=DCE28D343619BF128F484B51DFFB78E93E07E6001858C70E9DBFF781A5C65E8D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075736Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:32.005{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=154D2937F8E5EF4C22CAC61E38C2DA82,SHA256=C3218BFF79C8B4E681131279CB3EF5C1AC9777379BCBCD4606FE1CF603D7B503,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077942Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:33.518{3F3E08E7-02DF-60BA-6706-00000000C501}16124500C:\Windows\system32\conhost.exe{3F3E08E7-37A1-60BA-0B0D-00000000C501}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077941Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:33.518{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077940Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:33.518{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077939Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:33.518{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077938Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:33.518{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077937Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:33.518{3F3E08E7-F093-60B9-0500-00000000C501}416532C:\Windows\system32\csrss.exe{3F3E08E7-37A1-60BA-0B0D-00000000C501}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000077936Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:33.518{3F3E08E7-02DF-60BA-6306-00000000C501}41444808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3F3E08E7-37A1-60BA-0B0D-00000000C501}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000077935Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:33.518{3F3E08E7-37A1-60BA-0B0D-00000000C501}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3F3E08E7-F094-60B9-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
11241100x800000000000000077934Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:33.330{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077933Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:33.330{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CED7B361703AABC5938E3D3BDE38E67F,SHA256=848E8D42CDEE8C7374C1BF5DBB0FB39363ECC53FBA173FF72387C937E2D978C7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075745Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:33.271{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27F832EFB7B348981CEE60DEACA6AB00,SHA256=84D9834D1AA7CF65C6B39347BF8DC74C5680AE8539F4E0CE9A7F00449BD69970,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077965Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.861{3F3E08E7-02DF-60BA-6706-00000000C501}16124500C:\Windows\system32\conhost.exe{3F3E08E7-37A2-60BA-0D0D-00000000C501}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077964Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.861{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077963Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.861{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077962Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.861{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077961Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.861{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077960Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.861{3F3E08E7-F093-60B9-0500-00000000C501}416432C:\Windows\system32\csrss.exe{3F3E08E7-37A2-60BA-0D0D-00000000C501}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000077959Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.861{3F3E08E7-02DF-60BA-6306-00000000C501}41444808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3F3E08E7-37A2-60BA-0D0D-00000000C501}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000077958Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.862{3F3E08E7-37A2-60BA-0D0D-00000000C501}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3F3E08E7-F094-60B9-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
11241100x800000000000000077957Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.549{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security2021-06-04 09:21:08.545
23542300x800000000000000077956Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.549{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3CEE81F36684C9B98AF0A65AD32FB23E,SHA256=ABA2138BEE1E2A503E0DC8640D41A4B893A615DCE8FE09A12A36E430CD455A46,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077955Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.549{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security2021-06-04 09:21:08.545
23542300x800000000000000077954Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.549{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C933F5B371DE860DB6C9BA54CE7FC575,SHA256=13A508C764D337A6DC87700E3E48373AD492567A878FB1DD1682D29EB87E2FA7,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077953Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.502{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077952Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.502{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F0C98FEBEE0ECBD2C4D249A8DDBCD10,SHA256=C65CEC1BF5E40C119CEFBD7A2EA14936344DAD5DF5AD2FADCA8971AC0F5338C8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075746Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:34.302{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AB9B5F580BEF7A399947F55EE78EDB5,SHA256=D0EC635478D10D0C61651C35321ED8E332F1E12EBFA637FDB86E797B82CAC055,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077951Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.315{3F3E08E7-37A2-60BA-0C0D-00000000C501}24964284C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077950Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.189{3F3E08E7-02DF-60BA-6706-00000000C501}16124500C:\Windows\system32\conhost.exe{3F3E08E7-37A2-60BA-0C0D-00000000C501}2496C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077949Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.189{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077948Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.189{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077947Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.189{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077946Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.189{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077945Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.189{3F3E08E7-F093-60B9-0500-00000000C501}416532C:\Windows\system32\csrss.exe{3F3E08E7-37A2-60BA-0C0D-00000000C501}2496C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000077944Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.189{3F3E08E7-02DF-60BA-6306-00000000C501}41444808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3F3E08E7-37A2-60BA-0C0D-00000000C501}2496C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000077943Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.190{3F3E08E7-37A2-60BA-0C0D-00000000C501}2496C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3F3E08E7-F094-60B9-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
11241100x800000000000000077969Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:35.877{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security2021-06-04 09:21:08.545
23542300x800000000000000077968Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:35.877{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3CEE81F36684C9B98AF0A65AD32FB23E,SHA256=ABA2138BEE1E2A503E0DC8640D41A4B893A615DCE8FE09A12A36E430CD455A46,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077967Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:35.518{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077966Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:35.518{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B3533CEEB84426B69CA8E23BF69F9E2,SHA256=884B96B3321422AC9EEE3520934E0DF5E3C83BE8C1C829FAC68DA0D17706225F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075747Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:35.349{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48E932C06E5D0F8A0D134554974A184A,SHA256=C64B1E342CCA1CE059327D396132F5406465F4C1A32908DD914219EE11E9D903,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000077981Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:34.964{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53555-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
11241100x800000000000000077980Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:36.518{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077979Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:36.518{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6AD38C2DE238BC195A015490433776C,SHA256=35D18A3EAB0FEC6561CF4F98936461F7FD90DD7FB7BC3B30483A054372428C47,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075748Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:36.396{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62665B493B3E46936FE4B42330442920,SHA256=6D4CB660E99C745074F043F5EF984D057217DF73FAB9876DA489E127D25CBEE5,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077978Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:36.486{3F3E08E7-37A4-60BA-0E0D-00000000C501}55324996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077977Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:36.361{3F3E08E7-02DF-60BA-6706-00000000C501}16124500C:\Windows\system32\conhost.exe{3F3E08E7-37A4-60BA-0E0D-00000000C501}5532C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077976Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:36.361{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077975Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:36.361{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077974Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:36.361{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077973Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:36.361{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077972Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:36.361{3F3E08E7-F093-60B9-0500-00000000C501}416432C:\Windows\system32\csrss.exe{3F3E08E7-37A4-60BA-0E0D-00000000C501}5532C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000077971Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:36.361{3F3E08E7-02DF-60BA-6306-00000000C501}41444808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3F3E08E7-37A4-60BA-0E0D-00000000C501}5532C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000077970Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:36.362{3F3E08E7-37A4-60BA-0E0D-00000000C501}5532C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{3F3E08E7-F094-60B9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000078002Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.799{3F3E08E7-37A5-60BA-100D-00000000C501}4205888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000078001Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.674{3F3E08E7-02DF-60BA-6706-00000000C501}16124500C:\Windows\system32\conhost.exe{3F3E08E7-37A5-60BA-100D-00000000C501}420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000078000Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.674{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077999Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.674{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077998Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.674{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077997Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.674{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077996Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.674{3F3E08E7-F093-60B9-0500-00000000C501}4161012C:\Windows\system32\csrss.exe{3F3E08E7-37A5-60BA-100D-00000000C501}420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000077995Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.674{3F3E08E7-02DF-60BA-6306-00000000C501}41444808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3F3E08E7-37A5-60BA-100D-00000000C501}420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000077994Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.675{3F3E08E7-37A5-60BA-100D-00000000C501}420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3F3E08E7-F094-60B9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
11241100x800000000000000077993Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.533{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000077992Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.533{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42E02BFF9E6BE96F5E650DF1048B762E,SHA256=6C54408BD1F2C4AD1D455214CDD962788A2992EE0348E1841B7B3B641C12082F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075750Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:37.427{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07DD5F06C88A3F7918CB61FD1DE27ED7,SHA256=D2A5B640681EF129EF5BFA55E72FC6225CE5C9DFCA99CE73FB1DD1C641E76AEF,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000077991Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.377{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security2021-06-04 09:21:08.545
23542300x800000000000000077990Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.377{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CBB8E4CBCCBAEF86FCCBD2761D223D05,SHA256=A8137524685AA7C66476F72EA8A6E143CBE2E02B4FC44A0DAAD34DDA2F03953C,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000077989Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.033{3F3E08E7-02DF-60BA-6706-00000000C501}16124500C:\Windows\system32\conhost.exe{3F3E08E7-37A5-60BA-0F0D-00000000C501}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077988Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.033{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077987Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.033{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077986Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.033{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077985Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.033{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000077984Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.033{3F3E08E7-F093-60B9-0500-00000000C501}416432C:\Windows\system32\csrss.exe{3F3E08E7-37A5-60BA-0F0D-00000000C501}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000077983Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.033{3F3E08E7-02DF-60BA-6306-00000000C501}41444808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3F3E08E7-37A5-60BA-0F0D-00000000C501}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000077982Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:37.034{3F3E08E7-37A5-60BA-0F0D-00000000C501}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3F3E08E7-F094-60B9-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x800000000000000075749Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:34.418{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50638-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
11241100x800000000000000078015Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:38.689{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security2021-06-04 09:21:08.545
23542300x800000000000000078014Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:38.689{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1D6D83CB2B2501F0CE572C5B94C1258D,SHA256=C45C76C1B0E55A183E07942280D2CBA7D9FD71A22214481AE50B5A5AB22DEF7B,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078013Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:38.549{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078012Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:38.549{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3895E76FFF0B32DCB100513EF79C2DB6,SHA256=4BB55B3437BFF5E3753BD0690393883F7F719B46C6E2D5DF5F07A31D249C8901,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075751Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:38.552{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E28119DBE61D3611CC70DBCC061BDCAE,SHA256=3BA87696883BD428ECA1F6F13DF23285B9600E8ADAD725379193E79DE896B697,IMPHASH=00000000000000000000000000000000falsetrue
10341000x800000000000000078011Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:38.471{3F3E08E7-37A6-60BA-110D-00000000C501}55605880C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000078010Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:38.346{3F3E08E7-02DF-60BA-6706-00000000C501}16124500C:\Windows\system32\conhost.exe{3F3E08E7-37A6-60BA-110D-00000000C501}5560C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000078009Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:38.346{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000078008Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:38.346{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000078007Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:38.346{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000078006Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:38.346{3F3E08E7-F094-60B9-0C00-00000000C501}7281232C:\Windows\system32\svchost.exe{3F3E08E7-01DA-60BA-1706-00000000C501}4100C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000078005Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:38.346{3F3E08E7-F093-60B9-0500-00000000C501}416532C:\Windows\system32\csrss.exe{3F3E08E7-37A6-60BA-110D-00000000C501}5560C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000078004Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:38.346{3F3E08E7-02DF-60BA-6306-00000000C501}41444808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3F3E08E7-37A6-60BA-110D-00000000C501}5560C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000078003Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:38.346{3F3E08E7-37A6-60BA-110D-00000000C501}5560C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3F3E08E7-F094-60B9-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
11241100x800000000000000078017Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:39.564{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078016Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:39.564{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=227A4A3F9FA895683464C54CE8EA361C,SHA256=CF7E61010F2F0F34EE4AE671DFB3165609123426427563F941E3C57824FA3531,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075752Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:39.599{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A745B61FFCC91D58DE9613D838B1FBA,SHA256=6B309BC1892B8E2E8AF5DEB8ABA7825064F7000ECE5E7F2999292F7DB2055D89,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075753Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:40.646{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D491B8B5B704EFA450D123C13C5AB7AF,SHA256=CEF94C4F988636B1870C3DF92490C78C3EC43AEF9B1105514BEFE43F34D474D7,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078019Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:40.579{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078018Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:40.579{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=974EC2276E141CEC4C80C371F202AB00,SHA256=926C31E2E231FF92489D7C44B3C740903F734519DCFB6F3B860BB26F7FABF8BE,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078021Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:41.595{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078020Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:41.595{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3208011B9214B615441E5EF7F1547FC5,SHA256=4BF524840EBD0EF90476DE4CF90113374F74B27B4A38AE34FCCD59752CCA87D8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075754Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:41.661{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD8CC59D15AD0C2DD7CE1D9B36A908FC,SHA256=3C692BCE8C2A00478AE4E04F4B20A99391291E11E30339142372AB8D195EBEF9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075757Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:42.833{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=00F7111BE4173B44B7F2778D3A4DE15B,SHA256=9A2219623362F2BACFCEBFBD80B51E845DD4126C7F62E9B26BC4F5E0C1686120,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075756Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:42.833{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=971E1CFBDE82F294FC4834C06CF72787,SHA256=DCE28D343619BF128F484B51DFFB78E93E07E6001858C70E9DBFF781A5C65E8D,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000078024Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:40.963{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53556-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
11241100x800000000000000078023Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:42.611{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000075755Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:42.677{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9886914404FFC2BE4A3A409F8FA52A2A,SHA256=CA30E90F32EAC609F0E4AF0F4CCEFAF6F6020CC0E72DC74164ED590CA8B4A430,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000078022Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:42.611{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE43548E8BECE6400C20233589385813,SHA256=540BAAFB9A248F00B069E26E3639F976A5CF202A76159DC8E5812C7AF07CA0A1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075759Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:43.865{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D02B96A97C40B6446758620712C9FA14,SHA256=9974E8096F8E630ADCC6D8C0983889DEE600B3666A85CA3ADD09ABBF8C9171BA,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078026Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:43.626{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078025Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:43.626{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8FB55C8E47950839FD8A93BB0A243444,SHA256=81BE66AC88EF9FE24D7DC4ABF9836EC1213C07A50DB700F99F1A949077AA6CF3,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075758Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:40.247{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50639-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000075760Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:44.880{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7BEF1CE72567F65B1DE020A92608881,SHA256=6A4DC25E9A9101BC34E8970D661BD9C3781E05AE618A097599071D6960AE75CD,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078028Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:44.642{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078027Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:44.642{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A3E82361B28374CEBC6044FC0944F43,SHA256=DBB13F3FC3043D0BFE0ECB8B51E57A14554476087DD5E542CE3F9AC0C220CE78,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075761Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:45.943{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6FD09BC79F2076BFEFA306F41FFC709D,SHA256=18B2173D3E897C373ADDD187C5460A53FBC9598BE2AF4499FD50B65F1C696690,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078030Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:45.657{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078029Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:45.657{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DB87BB83A87BD688A32EEDB9059A793,SHA256=454A17DAC535864DD7BDA5D19AEBCAA974ED3B38FC64FEE14114BA5FBCAF0C05,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078032Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:46.689{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078031Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:46.689{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=074F2259DD894FE69DC8306B808B92D3,SHA256=4B49CC77212D746F9609EAAEB8FD21DE0E408F917D267B7A625DA89CF21D1E55,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075762Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:46.974{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A64217E14688697C4F9842174D6CEFF,SHA256=148AD7702AB3EFCAE09404440B9A4F2B222914AACBF7524BB115B2ED26E1010A,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078034Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:47.767{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078033Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:47.767{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B5765C3CF84FCDDCB5DC4946711665A,SHA256=3896891A9BBD6A6B243FDAC304880A6E08AB23CFB4C930BDDC816387B6524565,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075763Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:45.247{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50640-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
11241100x800000000000000078036Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:48.798{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078035Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:48.798{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97CFBC7D9744E8C0D12CE067452A8DB7,SHA256=145FA74BF307C8EC4EBD0158CB7E8AD9FE04FF28C41AB84B62E5A72C36725AC8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075764Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:48.005{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD119E28490575BB0F984BC8BCA4EC35,SHA256=6CFAC9359D0C459D87391F745CA348CE7CE83640ED23FC1D3801FAA0D44C3C8B,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000078037Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:46.963{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53557-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000075765Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:49.036{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=889CA0877182DACD1EB7F734CB54BE33,SHA256=A99DCC375F42E834F7909296F8DF40932C35FE8B0907E807D1CB9815B1B16C30,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075766Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:50.271{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B5FA7249E570FEA1D5E774E86F51E80,SHA256=835D7AB1A1FB65F2634644FB1441F4384341C78432DEECAD2DAE11F7B8EBA443,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078041Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:50.392{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xml2021-06-04 09:23:23.209
23542300x800000000000000078040Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:50.392{3F3E08E7-02DF-60BA-6306-00000000C501}4144NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=E787AE74F389A1BD79FA5CAE42113AF9,SHA256=75A92A74657C280F5B2D1AEF350C3E4430D673CECFA873EAFEE8F06028F98FC6,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078039Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:50.017{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078038Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:50.017{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54EAA79DB038753E8DACBFD562095165,SHA256=BEF7DFE9349A1A895690FB3439045D5988C524A6A2B57646CB9AC16B3772D667,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075767Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:51.286{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E996601F4E3CA5EA0A8C1D978F16166,SHA256=30DF333EA2674105697470E015AE56B9741DA40210C6ED3BC06DA4C1B320201B,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078043Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:51.251{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078042Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:51.251{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C507986488D29C05B435C8AEBE5B842,SHA256=5D531045DBBB185EB3036A819142A18C70ADF17923A148CC62D49710A3F13EEA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075768Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:52.302{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E4A25DDBBE9FF6113975C8BE1C79C1F,SHA256=F42B05A4A4143677CFC4205CDD11703E24A6130230AC0B61C6466E233FFFA968,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078046Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:52.454{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078045Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:52.454{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1550FF275962498C0542B27A966C438E,SHA256=3FA5453BBFB38ECE03F8CC83CBB9E6111A497DF95A26EC1AF1F6C8A946D29654,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000078044Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:50.135{3F3E08E7-02DF-60BA-6306-00000000C501}4144C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53558-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
11241100x800000000000000078048Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:53.470{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078047Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:53.470{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6EC0639266FC8E8D8DFDA2D1E76413AE,SHA256=D1D0D2F5FC5E245C16E39DC0BD313A9DC7AC522F971F29FAE08D6CDCF7DEDE17,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075770Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:51.277{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50641-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000075769Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:53.317{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02F00E9A96CA6589BCFB366122B3FB3A,SHA256=1792028FDCC59D174A8A1F7FF35A09AA46744BEA94B13532492F6C009D21F39C,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078051Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:54.704{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078050Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:54.704{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AD95C7D2EA1D6180C26375058DACF88,SHA256=3EBF8E080392E78951ADDEBC1815A222390627EA7597D04012C26DDAF1999C8A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075771Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:54.333{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7088557D492D74826653C57E0D7103C1,SHA256=B2A2C91210F1D53FE5C7EA1EC18EFEC5D4F888AAEF9417D9AE2236925F0A8877,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000078049Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:51.963{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53559-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
11241100x800000000000000078053Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:55.798{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078052Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:55.798{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC853F2972DDB2AD49EFC8CB27989971,SHA256=F90E5E34368240998AB35FD007EBC812D44C80B6787AB72B29A1A1CBFF948294,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075773Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:55.489{89999F75-EED0-60B9-1100-00000000C401}376NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=20057218F4F39D4D80597B43DB9C7761,SHA256=778CAD931784F97A86DF215160555C7B05CD50C9A5F56687957136599198DADE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075772Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:55.349{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8792C55A7A6DA1C1ADB4C5A478BE477D,SHA256=71A97428EE420FB8E68B5D27B38EB195D9BB3BDB5443A4C13D5F4D04ACC69AD2,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078055Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:56.814{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078054Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:56.814{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E1A9786F0A91CF389499C3F8003E7FC,SHA256=9B0048BBC5C737A9AAF6614F2152DB59B2FD0E620CC3C4DC1B2FE96E9D4B6809,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075774Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:56.364{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA28DC81A1E45A092F59F909F9388849,SHA256=51C40F967AFE87FBD35655F787C02299E43789C1CB5278F581C543E0C0AE590F,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078057Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:57.829{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000075775Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:57.380{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3DB34E5706BA21B50B5061448F2F212,SHA256=63603D0C1D76C699DF45E09026CDD81472F466229BE61D9E8BC96E747050A50D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000078056Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:57.829{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8189AB18DC3FFE7431FAC86BDF3CAC7,SHA256=ED7C6A3CA885EA6F3BBC7EF15D06CFC503359B3667A8245F94661252DC7B91FD,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078059Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:58.845{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078058Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:58.845{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F1304CFFF96A3E445A8BE19A33CC8E9,SHA256=BEB344BC7CA4DC67BA22AFE2B9BCF0C29A8454F802F5C156205E0166764FF72F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075776Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:58.396{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64053814E4F0A8622918425061764273,SHA256=01D82BB3522C30D8D63B2D8742E603C72FECACDD53D12369E39700EA8028A917,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078061Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:59.846{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078060Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:59.846{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=601350BA8E93C6174F38A36F02A25104,SHA256=9BDDD5AF37088B6D89A01EDB707BBABDB9A22B22FC47AC3985510A9B67BDF2BB,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000075778Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:57.308{89999F75-EEEB-60B9-6C00-00000000C401}3376C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-392.attackrange.local50642-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000075777Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:24:59.411{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=729160BD616BEC11F2D1CCA99CBAFC21,SHA256=8A051DF0DB39609651E5884C8891D21093EAAC15643E532DEB1AA5C99AAEA5A4,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078064Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:25:00.846{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078063Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:25:00.846{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B903FAC8CAF55D8C727A9AC69EF5DC01,SHA256=FB4D0024C106B450E8B3FA41422FAC3EC72CF0C129529F6E36A799E536BFF8A1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075779Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:25:00.412{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F42AD1FBCA5ACFED500F5C69D9386068,SHA256=7CE89F720AE2E546C9EB44B203498AC99CB671A47B8518F7FB138F1CF547E933,IMPHASH=00000000000000000000000000000000falsetrue
354300x800000000000000078062Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:24:56.994{3F3E08E7-02E6-60BA-9106-00000000C501}6124C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-243.eu-central-1.compute.internal53560-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x800000000000000075780Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:25:01.584{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12D1BFA4C8ED1A326D7D78EA9D83DAAA,SHA256=1322A5610C25A89F09136B1BE4833A3AEE085B4C3B73574A1E35742AF6AD5280,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078066Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:25:01.861{3F3E08E7-02EC-60BA-9B06-00000000C501}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational2021-06-04 09:21:55.073
23542300x800000000000000078065Microsoft-Windows-Sysmon/Operationalwin-host-243-2021-06-04 14:25:01.861{3F3E08E7-02EC-60BA-9B06-00000000C501}4412NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5519B668A6E5898394C283C74E66E44A,SHA256=682B7F7D491A133A4C55246FCFF2F15053275A64DD3FCA49BE1150001C6DB5C9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x800000000000000075781Microsoft-Windows-Sysmon/Operationalwin-dc-392.attackrange.local-2021-06-04 14:25:02.584{89999F75-EEF2-60B9-7500-00000000C401}3476NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58AC323B512921C0D68CB5FB4C4DB633,SHA256=9DACB3CD8D85C90DA75D144734B0CF841A6ED4AAA472083D083E5FB0DEA22400,IMPHASH=00000000000000000000000000000000falsetrue
11241100x800000000000000078068Microsoft-Windows-Sysmon/Operational