23542300x8000000000000000889466Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:41.832{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7359EA1427D14ACCE5E0DD571BF4EDBD,SHA256=F8BE4F5611E829CEA96F14DB2508CFBED564A65A4574F315E7055B70B64B0786,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001026261Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.729{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026260Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.729{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026259Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.729{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026258Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.729{2E2BE06D-6DD6-60FA-0B00-00000000E601}6364432C:\Windows\system32\lsass.exe{2E2BE06D-6DD3-60FA-0100-00000000E601}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e
10341000x80000000000000001026257Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.620{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026256Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.620{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026255Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.620{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026254Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.620{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026253Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.620{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026252Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.620{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026251Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.620{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026250Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.620{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026249Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.620{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026248Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.620{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026247Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.620{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026246Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.620{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026245Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.620{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026244Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.620{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026243Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.620{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1500-00000000E601}1132C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x80000000000000001026242Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:41.120{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=148181A56BF130DB7890C44732A25773,SHA256=FF14A7630D84304E1173559F69F4AA05713A5E733F42F3D9DEFE01A9BDDF6919,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889467Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:42.847{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=039CD7A81937031B68B97993CAD8F734,SHA256=2A8879F8E049D081A3482001669A817FAAD60A92BD5182584FF138F0C3721315,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026270Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:42.864{2E2BE06D-6DD3-60FA-0100-00000000E601}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:90d2:7368:bb37:9ac5win-dc-56.attackrange.local59139-truefe80:0:0:0:90d2:7368:bb37:9ac5win-dc-56.attackrange.local445microsoft-ds
354300x80000000000000001026269Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:42.864{2E2BE06D-6DD3-60FA-0100-00000000E601}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:90d2:7368:bb37:9ac5win-dc-56.attackrange.local59139-truefe80:0:0:0:90d2:7368:bb37:9ac5win-dc-56.attackrange.local445microsoft-ds
354300x80000000000000001026268Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:42.765{2E2BE06D-6DD6-60FA-0B00-00000000E601}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-56.attackrange.local59138-false10.0.1.14win-dc-56.attackrange.local389ldap
354300x80000000000000001026267Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:42.765{2E2BE06D-6DD8-60FA-1000-00000000E601}384C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59138-false10.0.1.14win-dc-56.attackrange.local389ldap
354300x80000000000000001026266Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:42.756{2E2BE06D-6DD6-60FA-0B00-00000000E601}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:90d2:7368:bb37:9ac5win-dc-56.attackrange.local59137-truefe80:0:0:0:90d2:7368:bb37:9ac5win-dc-56.attackrange.local389ldap
354300x80000000000000001026265Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:42.756{2E2BE06D-6DD8-60FA-1000-00000000E601}384C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:90d2:7368:bb37:9ac5win-dc-56.attackrange.local59137-truefe80:0:0:0:90d2:7368:bb37:9ac5win-dc-56.attackrange.local389ldap
23542300x80000000000000001026264Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:42.714{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=770813C802D62FBE512EC1B84D392BF1,SHA256=950511187A93D25D81A19F4CA0819DD9C7BDF03AB2C02AE2315C3794AF7BBC10,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026263Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:42.714{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=695BD4A72F7D4F0A9143AC016744AEF9,SHA256=B5AF8C4D15412E31F355F3D9DF14305505C1BDA4F007AF0667EFD9033B30E4F9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026262Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:42.135{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA5B75F52A97907A260F4C4D7D0FC720,SHA256=8ACD0DA9A61266959BA6BC64BC58CEDE24CC3AAFDEA881DD3796F30BDE29CA42,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889468Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:43.863{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8A96B5E70E19AA5DFE770A4C6BFB875,SHA256=41B5945E687DFA0CCB5FF2F654C8139388FE349A0B342B964F3279C8048A6255,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026271Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:43.151{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3639E446186CFD2DAD61C1750D0FE4C,SHA256=A615078923484AF1870A2D9295ED9F259157CF9CE284C5D2880146BDA74DC623,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889469Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:44.878{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=328D7C6E6294868BEDCA4BC288BA6B49,SHA256=87B00E400600CF0ACE621D85645D40D0971D0E7512138F4F16DD98C69FAD8835,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001026299Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.885{2E2BE06D-6DE9-60FA-3300-00000000E601}31563176C:\Windows\system32\conhost.exe{2E2BE06D-6F6C-60FE-0679-00000000E601}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026298Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026297Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026296Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026295Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026294Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026293Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026292Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026291Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026290Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026289Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.885{2E2BE06D-6DD6-60FA-0500-00000000E601}416432C:\Windows\system32\csrss.exe{2E2BE06D-6F6C-60FE-0679-00000000E601}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001026288Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.885{2E2BE06D-6DE8-60FA-2700-00000000E601}28923740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2E2BE06D-6F6C-60FE-0679-00000000E601}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001026287Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.871{2E2BE06D-6F6C-60FE-0679-00000000E601}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2E2BE06D-6DD6-60FA-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x80000000000000001026286Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.385{2E2BE06D-6F6C-60FE-0579-00000000E601}49805876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026285Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.198{2E2BE06D-6DE9-60FA-3300-00000000E601}31563176C:\Windows\system32\conhost.exe{2E2BE06D-6F6C-60FE-0579-00000000E601}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026284Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.198{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026283Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.198{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026282Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.198{2E2BE06D-6DD6-60FA-0500-00000000E601}416432C:\Windows\system32\csrss.exe{2E2BE06D-6F6C-60FE-0579-00000000E601}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001026281Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.198{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026280Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.198{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026279Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.198{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026278Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.198{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026277Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.198{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026276Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.198{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026275Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.198{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026274Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.198{2E2BE06D-6DE8-60FA-2700-00000000E601}28923740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2E2BE06D-6F6C-60FE-0579-00000000E601}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001026273Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.183{2E2BE06D-6F6C-60FE-0579-00000000E601}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{2E2BE06D-6DD6-60FA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001026272Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.151{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4906E87E93960A8CFA5B84DF91EF0ABB,SHA256=143BA7EA44BA766D9C9F9B67B7CB944745BB8D47765E163B962AC6DEDA1FFBE8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889471Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:45.878{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6AFFCEF60EB7881E31F52E5051CD7349,SHA256=60DF8C87491D00EB7E295F6C5CD1F532959568F98B1B197DB6B9BB7B2576E37D,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001026316Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:45.745{2E2BE06D-6F6D-60FE-0779-00000000E601}9522540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026315Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:45.573{2E2BE06D-6DE9-60FA-3300-00000000E601}31563176C:\Windows\system32\conhost.exe{2E2BE06D-6F6D-60FE-0779-00000000E601}952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026314Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:45.573{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026313Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:45.573{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026312Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:45.573{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026311Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:45.573{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026310Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:45.573{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026309Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:45.573{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026308Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:45.573{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026307Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:45.573{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026306Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:45.573{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026305Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:45.573{2E2BE06D-6DD6-60FA-0500-00000000E601}416420C:\Windows\system32\csrss.exe{2E2BE06D-6F6D-60FE-0779-00000000E601}952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001026304Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:45.573{2E2BE06D-6DE8-60FA-2700-00000000E601}28923740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2E2BE06D-6F6D-60FE-0779-00000000E601}952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001026303Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:45.558{2E2BE06D-6F6D-60FE-0779-00000000E601}952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2E2BE06D-6DD6-60FA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x80000000000000001026302Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:44.598{2E2BE06D-6DD8-60FA-0F00-00000000E601}368C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse212.102.34.235unn-212-102-34-235.datapacket.com46789-false10.0.1.14win-dc-56.attackrange.local3389ms-wbt-server
23542300x80000000000000001026301Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:45.214{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3098E462040382CFD73AA68FBA914465,SHA256=C8E7DB9153220D73D3796468A9B412041673D97D57325B75F1BAD5D99C7688EE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889470Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:45.269{D94AFF6C-6DD8-60FA-1100-00000000E701}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=CE2FDEB298F5E70B7BCC413921E642F6,SHA256=F3B15B747250676C0DFDE8CB6418BB1DD9FDE9E29A7E261B47DC9446D3DAC208,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026300Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:45.089{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=770813C802D62FBE512EC1B84D392BF1,SHA256=950511187A93D25D81A19F4CA0819DD9C7BDF03AB2C02AE2315C3794AF7BBC10,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889473Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:46.894{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B6266DA8AD1C619F30FDABE2D83B19EA,SHA256=442908254AFEB52A1BB19DB8EC2F75AEAFE38F00D1D63DDB9FEB6D6185D38849,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001026346Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.901{2E2BE06D-6DE9-60FA-3300-00000000E601}31563176C:\Windows\system32\conhost.exe{2E2BE06D-6F6E-60FE-0979-00000000E601}2448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026345Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026344Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026343Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.885{2E2BE06D-6DD6-60FA-0500-00000000E601}416420C:\Windows\system32\csrss.exe{2E2BE06D-6F6E-60FE-0979-00000000E601}2448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001026342Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026341Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026340Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026339Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026338Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026337Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026336Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.885{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026335Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.885{2E2BE06D-6DE8-60FA-2700-00000000E601}28923740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2E2BE06D-6F6E-60FE-0979-00000000E601}2448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001026334Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.872{2E2BE06D-6F6E-60FE-0979-00000000E601}2448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2E2BE06D-6DD6-60FA-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001026333Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.870{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A242C77C43377C66C114C5AB461B74A,SHA256=FF7E0B5DB1054DCFBFE542E2F1FCCC85A5ABF51C06BDD1FC8F8FF834558F9593,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026332Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.870{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CC147098CC7AF95E78DBCCE586BB50E3,SHA256=EB756775957FADB3659AB425931BC53AA88E703E12780CE7C170A9AA7E92EF4C,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026331Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:45.266{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59140-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x80000000000000001026330Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.479{2E2BE06D-6F6E-60FE-0879-00000000E601}64605180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
354300x8000000000000000889472Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:35.110{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52455-false10.0.1.12-8000-
10341000x80000000000000001026329Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.260{2E2BE06D-6DE9-60FA-3300-00000000E601}31563176C:\Windows\system32\conhost.exe{2E2BE06D-6F6E-60FE-0879-00000000E601}6460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026328Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.260{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026327Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.260{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026326Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.260{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026325Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.260{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026324Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.260{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026323Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.260{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026322Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.260{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026321Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.260{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026320Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.260{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026319Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.260{2E2BE06D-6DD6-60FA-0500-00000000E601}416536C:\Windows\system32\csrss.exe{2E2BE06D-6F6E-60FE-0879-00000000E601}6460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001026318Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.260{2E2BE06D-6DE8-60FA-2700-00000000E601}28923740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2E2BE06D-6F6E-60FE-0879-00000000E601}6460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001026317Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:46.245{2E2BE06D-6F6E-60FE-0879-00000000E601}6460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2E2BE06D-6DD6-60FA-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x8000000000000000889474Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:47.910{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=149439B933C2855E1804BACDEE1DB36F,SHA256=A5061FFFF0059D3C17AEE73A99BC5CB765D3864D7D4CD12AD1CE403F7E76D6D9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026362Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:47.870{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=56A209CD64BA517AAA7629D582D442A2,SHA256=B4C55F4490B0DB69F5C78125D0A8C04B4ED327806724BE1FDFD6AF6322F7A218,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001026361Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:47.580{2E2BE06D-6DE9-60FA-3300-00000000E601}31563176C:\Windows\system32\conhost.exe{2E2BE06D-6F6F-60FE-0A79-00000000E601}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026360Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:47.580{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026359Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:47.580{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026358Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:47.580{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026357Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:47.580{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026356Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:47.580{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026355Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:47.580{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026354Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:47.580{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026353Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:47.580{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026352Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:47.580{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026351Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:47.580{2E2BE06D-6DD6-60FA-0500-00000000E601}416432C:\Windows\system32\csrss.exe{2E2BE06D-6F6F-60FE-0A79-00000000E601}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001026350Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:47.580{2E2BE06D-6DE8-60FA-2700-00000000E601}28923740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2E2BE06D-6F6F-60FE-0A79-00000000E601}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001026349Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:47.558{2E2BE06D-6F6F-60FE-0A79-00000000E601}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2E2BE06D-6DD6-60FA-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001026348Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:47.557{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20043CB3F775EA3A6DEF1F02B54CDA67,SHA256=44F6214C3D760ECE2C4901D1AEA46A3EDBD05E1554B4C0525567906E83D68C5F,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001026347Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:47.104{2E2BE06D-6F6E-60FE-0979-00000000E601}24485164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x8000000000000000889475Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:48.925{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EDE1392216699B454F614AA943218F2,SHA256=C8867F9D7ABB3B7B5BF757E2DB5C45275B380DCFE81FA4307C02C587181A74C3,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026364Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:48.089{2E2BE06D-6DD8-60FA-0F00-00000000E601}368C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse193.93.62.20-10646-false10.0.1.14win-dc-56.attackrange.local3389ms-wbt-server
23542300x80000000000000001026363Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:48.573{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4ED3437484893E9E653BB3AD85EC36AC,SHA256=47F595C7CCF928FEC78CE3C47263DE1002E11DA61F5FE91DEC359E7B921013E6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889477Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:49.941{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34F9B7C50D37224906174DEB3C48EB82,SHA256=A9F0B52E23A3CED8BE57145967B540BA4DBD4768F9ECAE8D82FB0BE5142CDB2E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026365Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:49.589{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1254075EB594BFCA4710C0179834DE6D,SHA256=7ED79250855B65A23C08AB86E97A6CF2B7F30E7725FD456303E1FB207FD4EC21,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889476Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:49.925{D94AFF6C-6DD9-60FA-2200-00000000E701}1296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=85E02EEFEB94889C2B3FA0450D64D965,SHA256=FD2D44B44F455C51F744FDF6D494B2B2CAA113DD2D7C2DD2E0FED42E8CA25B0C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889479Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:50.957{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29D66B9E7DAFE584085AF1191DEAB56F,SHA256=4F271A43FD3FF3D5ECB375ED001C1412D3EDFC95F2BCABB10B5AE57542CAFDED,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026367Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:50.589{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=861203E93493DA0281CFB7F1F12DF626,SHA256=ACDA6C16F836E33D5E88AA700806FD23F77650D57C941E2FED425B3764624141,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889478Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:41.126{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52456-false10.0.1.12-8000-
23542300x80000000000000001026366Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:50.557{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CA7157D6F79E9C9999CAC29FE9E434C8,SHA256=D5C57F1B816D89DD7BA4FA8024CE6320B69F9150B3E6A7C74F5958092590BE33,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889481Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:51.972{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D34568E03D75FC0B80178B81F19B4D3,SHA256=1B3CACF22013A8BD40726D73B1B9F323D395D417D9596BF63491FF09484D17DC,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001026381Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:51.870{2E2BE06D-6DE9-60FA-3300-00000000E601}31563176C:\Windows\system32\conhost.exe{2E2BE06D-6F73-60FE-0B79-00000000E601}7064C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026380Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:51.870{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026379Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:51.870{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026378Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:51.854{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026377Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:51.854{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026376Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:51.854{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026375Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:51.854{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026374Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:51.854{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026373Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:51.854{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026372Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:51.854{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026371Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:51.854{2E2BE06D-6DD6-60FA-0500-00000000E601}416420C:\Windows\system32\csrss.exe{2E2BE06D-6F73-60FE-0B79-00000000E601}7064C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001026370Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:51.854{2E2BE06D-6DE8-60FA-2700-00000000E601}28923740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2E2BE06D-6F73-60FE-0B79-00000000E601}7064C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001026369Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:51.855{2E2BE06D-6F73-60FE-0B79-00000000E601}7064C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2E2BE06D-6DD6-60FA-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001026368Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:51.604{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=023CF3300914816EF466C6DBB5733A7F,SHA256=7621DAE915EF8A66756D8CA46D351E42A2502CA54CF8A9116CFDED799ED10155,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889480Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:41.954{D94AFF6C-6DD9-60FA-2200-00000000E701}1296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52457-false10.0.1.12-8089-
23542300x8000000000000000889482Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:52.988{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=677CC4CFC19D98629BCEB806443C7944,SHA256=65FAEEBE84B134E7CED4DBCC3DA3B780876914A5FC3B3A555B0DBE6EB4621085,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026386Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:52.854{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AE0F4E7DE5F761DAB7D12AD66E01DE99,SHA256=144E230D99506CAFE00B3F6F0118436000A671FDF1487167DEABDF77D33DA750,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026385Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:51.204{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59142-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
354300x80000000000000001026384Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:50.657{2E2BE06D-6DD6-60FA-0B00-00000000E601}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-56.attackrange.local59141-true0:0:0:0:0:0:0:1win-dc-56.attackrange.local389ldap
354300x80000000000000001026383Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:50.657{2E2BE06D-6DE8-60FA-2300-00000000E601}2740C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-56.attackrange.local59141-true0:0:0:0:0:0:0:1win-dc-56.attackrange.local389ldap
23542300x80000000000000001026382Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:52.620{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69FB96E7D6D9540FE97F62799F8D1261,SHA256=114E97B7F1EF9CF0E20F66F3BD3C2C12D07786B06E6D07E6281B18CDC0229EC2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026387Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:53.620{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB00C119B7CC4043F0BE92E30BC94DE9,SHA256=AB338FF2549B6760EF27FA1E0D63839F6E01D5CD98891E14530F43227E918EBE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026388Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:54.635{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=276E57BFBBC598DD43EA0A75B24BD2AB,SHA256=527BABAAE497BFB25B9EB66C49E2E337E1443D4556C85188051F22C1BD25B7A5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889483Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:54.003{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F671BDE5A1E96184B67D57B701AB355,SHA256=3147CE8E00F584D7E94CD48AEBFBC0D3E253EC73BDE7181744F2DD937A20888A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026389Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:55.635{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A072ECA9690E3972B9CC4EACF7BF460B,SHA256=0887FDD2BF752E22ECC9D74639484CB8E65576F40237537DFA767A12BF0AA1C3,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889485Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:46.298{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52458-false10.0.1.12-8000-
23542300x8000000000000000889484Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:55.019{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9644DC318C75A3B1E35A921255D3E6A5,SHA256=B1F9B2795518E68B484CCA270835F15FCC38270F57D21248C340B513700863F7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026390Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:56.651{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B54814A30418C86575D3E15797176EF0,SHA256=ED367D9A9E9E338BD0F4AA6BD79975EEBABB380F1099D8CB4E7C34D3AC3CF056,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889486Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:56.019{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C4A61FB9A670A3D1BD864CE4E7DBE0F,SHA256=4A19A53FAE1B7909C1ABF23602FB6CFF6505BBA9A69F98C0F70F017B630DCDD9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026393Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:57.667{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C6C255B88AFBDEAAC9CC678D6985A79,SHA256=FF432768253B755D3B704FCEC1AA40353B7F4B2DD03918114F2C656BF7D74C63,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889491Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:57.925{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7A88B1E6CB27651E64790A337EAD778F,SHA256=C3B94545ACF1720356D04083B3B1A669D2DE56EEACEA9B2952B44F48B6299EFC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889490Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:57.925{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=76EDFEDD652D4E86EE6EF4A4F268FDDB,SHA256=4FEB6E1F13985DC6EC0CECD0810F740A16809627E5D4CB22213232B1166A3235,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889489Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:48.213{D94AFF6C-6DD8-60FA-1000-00000000E701}928C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse210.245.94.89smtp2.groupcontact.net64919-false10.0.1.15win-host-702.eu-central-1.compute.internal3389ms-wbt-server
354300x8000000000000000889488Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:48.138{D94AFF6C-6DD8-60FA-1000-00000000E701}928C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse193.93.62.33-46891-false10.0.1.15win-host-702.eu-central-1.compute.internal3389ms-wbt-server
23542300x8000000000000000889487Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:57.144{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39F0AFA672AA579D1B1C876C79D10813,SHA256=2EF905C1B933555AC49AACAAF1120F20283A846FA9C023ADB4B5B6B90BBA3478,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026392Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:56.282{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59143-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x80000000000000001026391Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:57.167{2E2BE06D-6DD8-60FA-0D00-00000000E601}9043884C:\Windows\system32\svchost.exe{2E2BE06D-6DD8-60FA-1000-00000000E601}384C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x8000000000000000889492Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:58.175{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7854B6E2AA1E97BA221FF37147B86685,SHA256=7068F34C79AEB39C4FE36C5B2EFD6CF9948F81D65E0FB444130787D0057B6A79,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026394Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:58.667{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD1299D0906301A06AC0FF716CDBFB55,SHA256=B291836360280D23DAAAD6325E830CC4D53A65831B01EC2103A4C8A145629A20,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889495Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:49.936{D94AFF6C-6DD8-60FA-1000-00000000E701}928C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse210.245.94.89smtp2.groupcontact.net65028-false10.0.1.15win-host-702.eu-central-1.compute.internal3389ms-wbt-server
23542300x8000000000000000889494Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:59.675{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7A88B1E6CB27651E64790A337EAD778F,SHA256=C3B94545ACF1720356D04083B3B1A669D2DE56EEACEA9B2952B44F48B6299EFC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889493Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:59.410{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED839AA1A4AD2432E075844D75A7798A,SHA256=CB6E178BF9C9D247120A6ADD65D1ADF096761AEEEB9B7EDF19D1C1B54B3DD937,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026405Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:16:59.682{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9865BE5DAC6F20BD43A1A2242D6A3AA,SHA256=0255F35BA95A79ACC6EFBD9B1BD65C1BCAF86A1292AA68C3284F84B9938D5B4F,IMPHASH=00000000000000000000000000000000falsetrue
13241300x80000000000000001026404Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-SetValue2021-07-26 08:16:59.573{2E2BE06D-6DD6-60FA-0B00-00000000E601}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006)
13241300x80000000000000001026403Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-SetValue2021-07-26 08:16:59.573{2E2BE06D-6DD6-60FA-0B00-00000000E601}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0fa681c5)
13241300x80000000000000001026402Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-SetValue2021-07-26 08:16:59.573{2E2BE06D-6DD6-60FA-0B00-00000000E601}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d781ee-0x39157a7f)
13241300x80000000000000001026401Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-SetValue2021-07-26 08:16:59.573{2E2BE06D-6DD6-60FA-0B00-00000000E601}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d781f6-0x9ad9e27f)
13241300x80000000000000001026400Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-SetValue2021-07-26 08:16:59.573{2E2BE06D-6DD6-60FA-0B00-00000000E601}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d781fe-0xfc9e4a7f)
13241300x80000000000000001026399Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-SetValue2021-07-26 08:16:59.573{2E2BE06D-6DD6-60FA-0B00-00000000E601}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006)
13241300x80000000000000001026398Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-SetValue2021-07-26 08:16:59.573{2E2BE06D-6DD6-60FA-0B00-00000000E601}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0fa681c5)
13241300x80000000000000001026397Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-SetValue2021-07-26 08:16:59.573{2E2BE06D-6DD6-60FA-0B00-00000000E601}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d781ee-0x39157a7f)
13241300x80000000000000001026396Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-SetValue2021-07-26 08:16:59.573{2E2BE06D-6DD6-60FA-0B00-00000000E601}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d781f6-0x9ad9e27f)
13241300x80000000000000001026395Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-SetValue2021-07-26 08:16:59.573{2E2BE06D-6DD6-60FA-0B00-00000000E601}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d781fe-0xfc9e4a7f)
23542300x80000000000000001026406Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:00.682{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCE8D3CFA33855E20DBFAEFA5F05F6E8,SHA256=42D2238D65218127B4AF2453E4658FF4B368F3C310092E9FD35AA1CC7AD4EA40,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889497Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:50.866{D94AFF6C-6DD8-60FA-1000-00000000E701}928C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse49.238.204.234-51639-false10.0.1.15win-host-702.eu-central-1.compute.internal3389ms-wbt-server
23542300x8000000000000000889496Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:00.519{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D9782FFE81E96C4F96FC6570C309DF6,SHA256=4B2337B9A12D3F24C1E3527C74CC0596D6FF443B937490B3CB5ABFDEF0E95AE3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889499Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:01.738{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18175D730087CAF10C65EAA2A43B1DBB,SHA256=29BAABD328D128847919AC7F1AF16BB41A6799FD028A7975C192B23454371BA7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026407Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:01.698{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C24B10C206EED209CFA8E6FF7BCCB11,SHA256=BF0C3BC00C83B8E3C7C0175159CB196CF36766560C90F7C823B78F8239DC1D8A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889498Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:01.222{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C42359030799DFA38C2D872B007577F1,SHA256=01ECDE77154D30EA8E9AD5E9297FA0A2D23E3C330C4876152CBA720E84927F5C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889501Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:02.972{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AB3FEB862A65293F1EC6EEBC8824B48,SHA256=2902F901E1FA469971B8B01DE9B02AACDBB7AD9E116C0D1BF4A97E92B27ABEB6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026408Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:02.698{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA8423B8ECE9DD14A684D3A6E0E595DA,SHA256=9CFEDC3C4144D59C7C137C05ED6F3B1181FBC2DF915DCF6BA32A75B58AD607D9,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889500Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:52.251{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52459-false10.0.1.12-8000-
23542300x80000000000000001026410Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:03.729{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E86E0B012C2819291E630E682132B2E,SHA256=5EED8CE23F518CDC3AAEF6EAF2906AA2D3E1A1C2556AA8D9476826C59DE1D988,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026409Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:02.251{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59144-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001026411Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:04.732{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB1378DE80C1E9FFF629F5FF35E5C17A,SHA256=5DBD1E11AC65D6000864C3005864FC1AC4DB2F2A39D5E38F1EACCD001D8CAF81,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889502Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:04.128{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=532BCCF9A538D7416CD78261B3115589,SHA256=ACA837A9F0E940B9BA380BC1355A207E5B4BE472062ED5F468EF2A128CA1D831,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026412Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:05.735{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28FD91CDBF0772C41F903E939BE0371B,SHA256=E3FD70A2A90AB8A1AAAFA95B2D3F8D16C6E326B8286889B9F4B85F68E44245CB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889503Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:05.128{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=760F3DCEAD6A9EE0B5F59B8284429097,SHA256=8DA7EBF43259724A94BB47B08E53EC7FFAE0FC4E7E244E9D716D9022E5340822,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026413Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:06.750{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CAC35F9F7895BFF5067FEAE4138DBC4,SHA256=42DAD541B777E7478A10A295D9FB012805BD983A1CF8E75756A9BCA13E14690D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889504Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:06.144{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DEB02996606FFA785F68C6BD21D4AC39,SHA256=1137E3A1FD862F10FD2625F15B6F5ECAD1F15C247070CE8F6089268B65D93DAF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026414Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:07.750{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4D0C45AB731CD5DFAF8EF6BFAD312FB,SHA256=27729438DDAF0D8CBFCA4374B51C8F4C53E990DD021AF156AF1D0B6E85A4EB87,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889505Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:07.160{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33BCA4BF52D3549C47A7C54028164939,SHA256=BC8C6FF22B52E17A000B4B8E432E7132EE39FD5FB5815DE1BB274A50337CDFFB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026416Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:08.766{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63749A4D96DF876D2B8B8FCA9FF8ED0F,SHA256=3BCAD6B5F0DB189F07A7F262983ADDBEAB629171856D43513C9F6D71505005EA,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889507Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:16:58.266{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52460-false10.0.1.12-8000-
23542300x8000000000000000889506Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:08.175{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF9F2264E37818AADF4BF3E4D7D77E10,SHA256=921CD393D05C16022A73FF87C291E0DC7ED43F84D6AB11725157420566A51CDF,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026415Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:07.334{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59145-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001026417Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:09.766{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20E01771BAB901105EDE539157BF40AB,SHA256=ACC2C9AD85AABC4C15F9A20C25ACA1B0BDC44E6984A2ACD95BB234C1A941626B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889508Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:09.191{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03258F8568C66132C7002267342B38F4,SHA256=A4B67829881F9FC2F880BE36D906E6151664B685BE16A73585539B49F1CE0A73,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026418Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:10.828{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D76109B5B23D09FD05928A22095692E5,SHA256=B0CA5B99E072BEC713110285851F11EFCE78C0A6B4B533B5FCCE7B051DFE9821,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889509Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:10.206{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=189E4498700D3641B5AC5362760E8B59,SHA256=AD2F3F73D8D87A9142692F163D42F50C10A67E110D62770D2F54041D1301F957,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026419Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:11.844{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE04A8E7DDB6CD2D6C42C18228F46EFB,SHA256=7406075B7483FBD24608991326E082CA005614DE55F663996D148621AF66AC4D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889510Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:11.206{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=828F0012106638CAD88CEDEDA4610729,SHA256=3018010FD3CC0BD022451FA0CB4779B8E602D8BFF379EB9DC8294643B8D493DC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026420Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:12.860{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25FE29D3B803168A3FE748206921B939,SHA256=F24A69DCC3ACF2EA7F32A9F34CDC43EB8AFD3E38D31FF13CA80E49E0658F1D9F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889511Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:12.222{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=019927A44BCEC099848C103E2B80B330,SHA256=122477FC286C40B481A3A632CCDA0B2B181374A92E2F71A3CA99F7B1BE9A9C37,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026421Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:13.875{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4A41F9624CAFB5953701F07EF241CE2,SHA256=628716E238AE6964895190926B856337CBB7DB43A41C4B3432B2D1CAFF572592,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889513Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:04.250{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52461-false10.0.1.12-8000-
23542300x8000000000000000889512Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:13.238{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A274BDB7338AB76D7D553FD0535BE1E,SHA256=4FE95EF0EA21B8DD4831074A8D17544170B77672BAA4C7710B08F09FD0248FEB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026422Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:14.875{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F12762CC7792C2CAB14E8CAEAD420C3,SHA256=DB1ECEB544C8BD3E5E30F056DE9991EEC18C504C6EB06068226DC4C884A2765A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889514Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:14.253{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02AF2F46CADCEA6E3913639F9082EF5F,SHA256=A1EE6C81BDCE8CDD47998643EB169C2248FCDA65AE0872D823DED0F39A8F2337,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026424Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:15.891{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9BD5A7FC1019AA9DFB888B7F1EF29773,SHA256=00177C749B905A37FEE9E0BF2C9C8CCB47C6347A34556E7CD2BE78265CF74843,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889515Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:15.253{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B16DD0BD78F4C0B969F69915978B330A,SHA256=AA41FDD79AF5DE22EB6142FAB2143D738CC196CE1D0AD57A3FFBCD793A6CFA4F,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026423Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:13.303{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59146-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001026425Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:16.922{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E924C7EA376AF47E885FD2ACEC43EBEE,SHA256=CAD5569F827D0B320B0DAF8EF37C62AC9FC24D3A42874FDADAABCACC9B325C5B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889516Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:16.269{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79BC1C82A83B3C5912B1F3EF7A448980,SHA256=DD98C13F952ECF1A974F8F56788737F7B51AF5D3E9DC04B67AC8D6AA9CEC8B0E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026427Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:17.938{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC103AAC08A4C0BD7E1DBF61879DB712,SHA256=AB52CA848CDDAB32BE1A4AA160289286A4F308D1B51CCB6D3187AA29E35A9F83,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889517Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:17.284{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5BED590DF0C38CF25E241FF485952D6,SHA256=E4A45016CF74287F184C3502C5D41F07736BD01EA73603DB0EB8401DDF9390F2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026426Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:17.828{2E2BE06D-6DD8-60FA-1200-00000000E601}780NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=F24BA80EC0D573E8C6DE9BB9D8DF377F,SHA256=BDF36701A141181888BB9E6471FD79A5F53520BB31F600DC054384E082CB9BAF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026428Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:18.938{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=994C6E85E813AA42E20613DFB7DB1077,SHA256=AF680EDBC7368ECCBAB5022B7BB3E0D38911127FDDE91B77AD6F5C00CD280B7C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889518Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:18.285{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=431C4E779D9459582F28870B40FBE429,SHA256=BA633247E41A68ECD67FC3BF343917D39867A2B369E5894942607690B81C7730,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026429Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:19.953{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A41A235559D415321BD52FE8B98DCFC,SHA256=AEA4FE04A1CED604C34983B8C5F343F99DFBD3756859B78617B23C23DAF61B3D,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889520Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:10.234{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52462-false10.0.1.12-8000-
23542300x8000000000000000889519Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:19.300{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE49475A29C9468E109E6F1EF147E808,SHA256=AFEF2F42F0E5A37EE60D335620B07808C3D38E93606C70CAEFD3B4321D990E8B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026431Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:20.953{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB1E9DDE1BE1D28E793BD4EFAC2CF32E,SHA256=0B495BFA3032FFE0DE1464D8B869559C899AA421FDACC6C289FAEE345F87EE0F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889521Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:20.316{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=843182C4D0E7C55F8B4DA6D14F93D845,SHA256=33675223CD3F63803177A4BD5972F40470873B8F8CCC1D852FABFEE86D4C45E8,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026430Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:19.319{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59147-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001026432Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:21.985{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E28CFA911631B6E2DA2BFF856ACF5CE8,SHA256=A10235FB5A82C7388E0D2BC6D3E65F10E1EEFE3C8EE58C2014C2723FE42A9A0F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889522Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:21.331{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B030309C55B1718CD796BCB223986872,SHA256=43D16B3544215693177EA0A6F727D348054CE77509FC411E95075D2735B3A27E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026433Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:22.985{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0CED95393CAA7E8D4ECFBC06343BA7D4,SHA256=076006E2B1CE55E0E64F87041A892F5A2CC6F5546A371BB0289A8D71F81CB4F6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889523Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:22.347{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07E6659E2080014DA5FD7711B91D9441,SHA256=8636E188E4C044A65009F8A100C54A25881309A0659E6869CA6A34F1A7E90EB8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889524Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:23.363{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCFCA67305C0B01D6522C27CCA7CE048,SHA256=B70717FA0686A67412E4362E90083678D97219BFFF9FF7CE9C7A0C6D79EF37E3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889525Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:24.363{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB1166D160FC9F79C8746B4C7738F9F4,SHA256=DD9910E9E5433DE3A5C76E03BD124E039B6477F2BF2CFA340C5D87B1D45CE7CA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026435Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:24.875{2E2BE06D-6DE8-60FA-2700-00000000E601}2892NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=85E02EEFEB94889C2B3FA0450D64D965,SHA256=FD2D44B44F455C51F744FDF6D494B2B2CAA113DD2D7C2DD2E0FED42E8CA25B0C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026434Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:24.016{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AEC860EE15756587A4B42AEC2CAC948B,SHA256=4AC4B13FFB44F128D3590EBB33AD386566883ACA968B7B9CAC66B7EE4BBE130A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889526Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:25.378{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE4981F25919DA345EB6E302788955B1,SHA256=806B1655DAE4F954A63CAF68FC9BC54ED387F3DB01C7C00997C0549B5F255011,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026437Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:25.241{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59148-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001026436Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:25.016{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97B8AF0C42518569B8E976FC273382E2,SHA256=B9223A93DBE683116EB73BEBE64A72276E55FDD9295B0E06B158A050998893BA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889528Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:26.394{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE089ECA1646CCD19E1C3F7591A95CF1,SHA256=F9E73C411B376D6F6B401F887AB398A1D228FB3A3D1AAA9ECC6FB412FE9C3F30,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026439Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:25.991{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59149-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
23542300x80000000000000001026438Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:26.031{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC29E9AFD7B91652BF28DABABE0A6CAE,SHA256=5FE9504D4B658C20B1E4A9B5D176998A9D183E7B5D0C49BF287AD4F4F9FDBEF0,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889527Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:16.187{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52463-false10.0.1.12-8000-
10341000x8000000000000000889542Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:27.909{D94AFF6C-6DDA-60FA-2B00-00000000E701}28322852C:\Windows\system32\conhost.exe{D94AFF6C-6F97-60FE-7D78-00000000E701}1664C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889541Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:27.894{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889540Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:27.894{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889539Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:27.894{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889538Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:27.894{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889537Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:27.894{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889536Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:27.894{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889535Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:27.894{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889534Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:27.894{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889533Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:27.894{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889532Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:27.894{D94AFF6C-6DD7-60FA-0500-00000000E701}416432C:\Windows\system32\csrss.exe{D94AFF6C-6F97-60FE-7D78-00000000E701}1664C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000889531Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:27.894{D94AFF6C-6DD9-60FA-2200-00000000E701}12963324C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D94AFF6C-6F97-60FE-7D78-00000000E701}1664C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000889530Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:27.895{D94AFF6C-6F97-60FE-7D78-00000000E701}1664C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D94AFF6C-6DD8-60FA-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{D94AFF6C-6DD9-60FA-2200-00000000E701}1296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x8000000000000000889529Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:27.409{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5466FF39A74EE305B7D67F07B1C4C176,SHA256=E9FC565B1512AA34E64F149137A570EFED697146268A4B655E071CDB39AEC0CB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026440Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:27.031{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A00F088CE757F4070AD4D5A86890ED98,SHA256=34C8DA6A252589C0374B304F48D201072F038AF835167AF373F04E9D24857D8F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889558Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:28.894{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=26722E52BA7E806CAB1285B5C7A3BDD8,SHA256=88A06D9C04FF9D3E4DB3E01005B636E0D5AE01511CB07DA610C23CAE2399DC8F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889557Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:28.894{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=24D02E8D876C3D15778AE27B1A534DE1,SHA256=D730532AAE65DF283A019978D043B57A9831FD6FDF97880A820AF074CD5DCAD4,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000889556Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:28.534{D94AFF6C-6DDA-60FA-2B00-00000000E701}28322852C:\Windows\system32\conhost.exe{D94AFF6C-6F98-60FE-7E78-00000000E701}1716C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889555Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:28.534{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889554Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:28.534{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889553Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:28.534{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889552Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:28.534{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889551Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:28.534{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889550Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:28.534{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889549Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:28.534{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889548Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:28.534{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889547Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:28.519{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889546Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:28.519{D94AFF6C-6DD7-60FA-0500-00000000E701}4161060C:\Windows\system32\csrss.exe{D94AFF6C-6F98-60FE-7E78-00000000E701}1716C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000889545Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:28.519{D94AFF6C-6DD9-60FA-2200-00000000E701}12963324C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D94AFF6C-6F98-60FE-7E78-00000000E701}1716C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000889544Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:28.520{D94AFF6C-6F98-60FE-7E78-00000000E701}1716C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D94AFF6C-6DD8-60FA-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{D94AFF6C-6DD9-60FA-2200-00000000E701}1296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x8000000000000000889543Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:28.410{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEB720E2367C011437F12E10B2AA216D,SHA256=D5715D11B0BFDB8FEB2AF6CF153A8126861ACFF78D4A13A2A58E4DA8C7DEAC49,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026441Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:28.047{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FEE9670507D26969AEE7227F43B37175,SHA256=6181F8DF31BFBFAF438320657041B0B7EE1DEFBE9F2B65BCF67E0D5F5143C8F4,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000889586Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.831{D94AFF6C-6DDA-60FA-2B00-00000000E701}28322852C:\Windows\system32\conhost.exe{D94AFF6C-6F99-60FE-8078-00000000E701}3532C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889585Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.831{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889584Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.816{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889583Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.816{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889582Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.816{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889581Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.816{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889580Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.816{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889579Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.816{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889578Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.816{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889577Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.816{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889576Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.816{D94AFF6C-6DD7-60FA-0500-00000000E701}416432C:\Windows\system32\csrss.exe{D94AFF6C-6F99-60FE-8078-00000000E701}3532C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000889575Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.816{D94AFF6C-6DD9-60FA-2200-00000000E701}12963324C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D94AFF6C-6F99-60FE-8078-00000000E701}3532C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000889574Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.816{D94AFF6C-6F99-60FE-8078-00000000E701}3532C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D94AFF6C-6DD8-60FA-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{D94AFF6C-6DD9-60FA-2200-00000000E701}1296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x8000000000000000889573Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.503{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFC3656367670FEFE166AE2457F7B92A,SHA256=21833265A1B733C3A3C32223A563983B3E629B3AE2BFD33F62EA223884F171F3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026442Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:29.063{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AC08D2ECC2E16B7648A24F55AB29390,SHA256=282C5C118F8F2ADA05A1A18E088AAC4A5005B3C370A034E363F7983C21C9C251,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000889572Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.269{D94AFF6C-6F99-60FE-7F78-00000000E701}12322596C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{D94AFF6C-6DD9-60FA-2200-00000000E701}1296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889571Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.159{D94AFF6C-6DDA-60FA-2B00-00000000E701}28322852C:\Windows\system32\conhost.exe{D94AFF6C-6F99-60FE-7F78-00000000E701}1232C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889570Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.144{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889569Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.144{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889568Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.144{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889567Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.144{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889566Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.144{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889565Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.144{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889564Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.144{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889563Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.144{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889562Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.144{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889561Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.144{D94AFF6C-6DD7-60FA-0500-00000000E701}4161060C:\Windows\system32\csrss.exe{D94AFF6C-6F99-60FE-7F78-00000000E701}1232C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000889560Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.144{D94AFF6C-6DD9-60FA-2200-00000000E701}12963324C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D94AFF6C-6F99-60FE-7F78-00000000E701}1232C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000889559Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.145{D94AFF6C-6F99-60FE-7F78-00000000E701}1232C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D94AFF6C-6DD8-60FA-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{D94AFF6C-6DD9-60FA-2200-00000000E701}1296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x8000000000000000889588Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:30.550{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80E06F8B15FB643A9A1076B405D786CA,SHA256=F64769433711D627D3C734A3019DB07FA3619E4FF046AA8ECAC7E2742601ED90,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026444Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:30.366{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59150-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001026443Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:30.063{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DFA9AAE1441A5D3EA6F3E85273C3182,SHA256=8863EE174213D3E9115068AABA160D87A9A3426F13F689913D5331C2EFC8455A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889587Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:30.175{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=26722E52BA7E806CAB1285B5C7A3BDD8,SHA256=88A06D9C04FF9D3E4DB3E01005B636E0D5AE01511CB07DA610C23CAE2399DC8F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889589Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:31.784{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C214A1AB131E34D04937FD22C13BCF6,SHA256=BFC532BD1BE41369460A8481E87DFE78AA9A0ED189B936D974295660D546B8DB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026445Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:31.297{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B43A4763EE00E0ACE5C462047766BFF7,SHA256=95E34E3D048BD6472ACF7428885C4A7B5C9952F3A167FB1899373E26082C8FB3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889591Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:32.800{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F48C14845F1BE1FDF34962F075A28A7,SHA256=6CF8671F149948FE680A4F2B3C0A001C386245880C742C493B5FFA81AA4F6468,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026446Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:32.531{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6732CFCF07291C67473615BF99E4327,SHA256=24BFE1D4509A3E10E83131A058920D9C44FD4535E9B6AD3CADCD1FB2962C19E7,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889590Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:22.109{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52464-false10.0.1.12-8000-
23542300x8000000000000000889592Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:33.941{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34B01D91AF1D76678D80F1EB5892F179,SHA256=075F0EA22B948D1222A5D3BFAB181DFC0EAA061390CB737F93B89D3ADA383F2E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026447Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:33.563{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8475433133BA27E53418127CF97C3821,SHA256=2C38DA86362E0BE64779BB26D148CA75B59040AE2DCE51F151A6EA51A50E8485,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026448Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:34.610{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96ED3FEBE43B6F09638E30B7C98FDD03,SHA256=933FAFA65853F852FBD153047173A13ECCE4519E3932B9384AFD10448B338686,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026449Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:35.610{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=562C5F500AC68F0722BC7FBC2557748A,SHA256=0906E1F5F7441E9879BE3FD052F7DF6CD3D49CDF38846F42C3595EF8E0ADDC91,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000889607Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:35.847{D94AFF6C-6F9F-60FE-8178-00000000E701}3441912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D94AFF6C-6DD9-60FA-2200-00000000E701}1296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889606Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:35.738{D94AFF6C-6DDA-60FA-2B00-00000000E701}28322852C:\Windows\system32\conhost.exe{D94AFF6C-6F9F-60FE-8178-00000000E701}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889605Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:35.722{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889604Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:35.722{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889603Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:35.722{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889602Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:35.722{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889601Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:35.722{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889600Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:35.722{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889599Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:35.722{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889598Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:35.722{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889597Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:35.722{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889596Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:35.722{D94AFF6C-6DD7-60FA-0500-00000000E701}4161060C:\Windows\system32\csrss.exe{D94AFF6C-6F9F-60FE-8178-00000000E701}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000889595Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:35.722{D94AFF6C-6DD9-60FA-2200-00000000E701}12963324C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D94AFF6C-6F9F-60FE-8178-00000000E701}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000889594Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:35.723{D94AFF6C-6F9F-60FE-8178-00000000E701}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D94AFF6C-6DD8-60FA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D94AFF6C-6DD9-60FA-2200-00000000E701}1296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x8000000000000000889593Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:35.019{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4AD777982B13EF31E50C2D67E4FCE852,SHA256=CA119864F2007E49E302DDBC9F79C1E85E34844D3312427DF18734CEF5E39FF0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026450Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:36.610{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0AC0A28863E59657EF9CCCDEBCAAEA6,SHA256=26626FAF69738925BA9D17E7CFA20FCE9BB7892A91E561BFB550DF084BE4E248,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889611Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:36.754{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4574AAC8251280B4C8EC63B185A867EB,SHA256=C8ECBE0BB74EFEBDF3E690F9FC2710B278898D4A375FB87A6EDEEBED354695AB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889610Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:36.754{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FDC96CEB723E33ECCEF5F07D5D463626,SHA256=63C2875F2E22FA8B1C28436ECBB7E82BAA939C09EA4C30ED75D5C5AAF475985C,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889609Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:27.234{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52465-false10.0.1.12-8000-
23542300x8000000000000000889608Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:36.050{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=630E000E2F8262F7A2E174C9C5F559D9,SHA256=593D488FEDDF10A9039D599CB157D716C7C62035E3A8A7D05679A575AF5ACDC8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026452Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:37.625{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D531017CE19B83AE56B6D849EEAA34B,SHA256=F71DAD8FA9C419D2FD851C37D1E546EEC010FD66DBC817CF718A3D32FE0DB4C6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889612Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:37.286{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21D456F3EA17DDC66840393B53D1B56E,SHA256=1D9DD9BABEFDC784D41C739090532875BE21E58C297BAD6DD4C0CF4E63B896CF,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026451Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:36.256{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59151-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001026453Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:38.641{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F91742135C498B210F10ED87484CAA3,SHA256=64C3E8362194A0AD90A69F7D4ACA0E07B0462FD2BAA4227C5E42C9689DD6DAA5,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889615Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:29.186{D94AFF6C-6DD8-60FA-1000-00000000E701}928C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse191.96.168.227-52826-false10.0.1.15win-host-702.eu-central-1.compute.internal3389ms-wbt-server
23542300x8000000000000000889614Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:38.517{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=127E58AF141FD55F1B83BDE282B9D09F,SHA256=9192B6E7CCA696289C8CF7B00A43A3BF0E650F744AAA28C92EA343C0C38FC84D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889613Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:38.470{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4574AAC8251280B4C8EC63B185A867EB,SHA256=C8ECBE0BB74EFEBDF3E690F9FC2710B278898D4A375FB87A6EDEEBED354695AB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026454Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:39.641{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E3764DB74BF8AD3E194CC3ECA3B8A1E,SHA256=7BF8747F9FCBA24426D7801B0B43BDED02465482248052011084F4B2636708CA,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000889630Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:39.765{D94AFF6C-6FA3-60FE-8278-00000000E701}26963672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{D94AFF6C-6DD9-60FA-2200-00000000E701}1296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889629Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:39.624{D94AFF6C-6DDA-60FA-2B00-00000000E701}28322852C:\Windows\system32\conhost.exe{D94AFF6C-6FA3-60FE-8278-00000000E701}2696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889628Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:39.624{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889627Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:39.624{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889626Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:39.624{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889625Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:39.609{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889624Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:39.609{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889623Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:39.609{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889622Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:39.609{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889621Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:39.609{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889620Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:39.609{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889619Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:39.609{D94AFF6C-6DD7-60FA-0500-00000000E701}416532C:\Windows\system32\csrss.exe{D94AFF6C-6FA3-60FE-8278-00000000E701}2696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000889618Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:39.609{D94AFF6C-6DD9-60FA-2200-00000000E701}12963324C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D94AFF6C-6FA3-60FE-8278-00000000E701}2696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000889617Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:39.610{D94AFF6C-6FA3-60FE-8278-00000000E701}2696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D94AFF6C-6DD8-60FA-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{D94AFF6C-6DD9-60FA-2200-00000000E701}1296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x8000000000000000889616Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:39.546{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49E85D08D04776D64017D7488C4B57DC,SHA256=81B02D28084B4776377862253717E5F5E38DCDCA46393E1C6D0CB5B2C09572D6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889646Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:40.749{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5C7675B0E6D99A4F728047E7C3621F86,SHA256=1CC3AFCD93FC2C40A032E7DBB138F194FF7D4D72C5A51E1FF0E35E713E188F27,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889645Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:40.749{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE9B081316EDB4DA04EF6338EDEFE3A0,SHA256=7C22F5EC1BCFCA63F042B53EE13991DF2DB08FC9A7D33E3828169582C49B4E94,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026455Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:40.656{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED723BB9D52EFF7C4AC98E1963E9E7AB,SHA256=64EC384E5DABFF0121D5058DAAAB73C1384C704F7A70FB0966BD98EBD5519E03,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000889644Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:40.406{D94AFF6C-6FA4-60FE-8378-00000000E701}40122872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D94AFF6C-6DD9-60FA-2200-00000000E701}1296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889643Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:40.296{D94AFF6C-6DDA-60FA-2B00-00000000E701}28322852C:\Windows\system32\conhost.exe{D94AFF6C-6FA4-60FE-8378-00000000E701}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889642Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:40.281{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889641Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:40.281{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889640Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:40.281{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889639Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:40.281{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889638Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:40.281{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889637Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:40.281{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889636Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:40.281{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889635Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:40.281{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889634Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:40.281{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889633Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:40.281{D94AFF6C-6DD7-60FA-0500-00000000E701}416532C:\Windows\system32\csrss.exe{D94AFF6C-6FA4-60FE-8378-00000000E701}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000889632Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:40.281{D94AFF6C-6DD9-60FA-2200-00000000E701}12963324C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D94AFF6C-6FA4-60FE-8378-00000000E701}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000889631Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:40.281{D94AFF6C-6FA4-60FE-8378-00000000E701}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{D94AFF6C-6DD8-60FA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D94AFF6C-6DD9-60FA-2200-00000000E701}1296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001026456Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:41.672{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AECC5E8A65681EADF270515C4EB6426,SHA256=F3522AEF30D17A399DE7A43C1AD270FA8BB882B9E961DB63FD6B94E3CE3A6781,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889647Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:41.953{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D1E4CD2A18EB2107728DAD489667E869,SHA256=ECDF5365817E76C57FCE8FE15EEFC1BDA9FCF17E2EC51034D46F09C12DD15ED4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889649Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:42.968{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41ADAF7263866E45929AE15B9D079A54,SHA256=103E2BE6F058FDD8CCE7874F0A1BD1298D8E80B4052103BA2CE485A91B63B5DA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026458Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:42.688{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDCD0EBED98B123B6BDAE13DB1BACDAC,SHA256=C9BD745A995EACC890549FB396C476D4A73E3052D72782723F0D49670943D514,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026457Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:41.366{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59152-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
354300x8000000000000000889648Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:33.168{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52466-false10.0.1.12-8000-
23542300x80000000000000001026462Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:43.688{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C69817A0D5665BEED46911739ED1B6DB,SHA256=2ECCFD52FE91F3A908D30F2BD645CAB4C547DDEE0C2E8C7092A65C6DE66DB7A5,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026461Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:42.964{2E2BE06D-6DD8-60FA-0F00-00000000E601}368C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse193.93.62.33-39250-false10.0.1.14win-dc-56.attackrange.local3389ms-wbt-server
23542300x80000000000000001026460Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:43.047{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=330FE9180FDE7384C1D366427B7FC0D0,SHA256=C8A623E4B3281564295E7CB47915143E4AE47D5C0B7BBF464DD062FBEC1DCEBE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026459Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:43.047{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=79BC9FD3D6FE3CCBBF3B02144F329600,SHA256=3AAE6C4A52FF9D629B112F6C669371ECE8FB75F6C7B9E5049B717F4E86F224F0,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001026490Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.875{2E2BE06D-6DE9-60FA-3300-00000000E601}31563176C:\Windows\system32\conhost.exe{2E2BE06D-6FA8-60FE-0D79-00000000E601}6532C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026489Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.875{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026488Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.875{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026487Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.875{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026486Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.875{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026485Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.875{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026484Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.875{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026483Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.875{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026482Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.875{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026481Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.875{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026480Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.875{2E2BE06D-6DD6-60FA-0500-00000000E601}416420C:\Windows\system32\csrss.exe{2E2BE06D-6FA8-60FE-0D79-00000000E601}6532C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001026479Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.875{2E2BE06D-6DE8-60FA-2700-00000000E601}28923740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2E2BE06D-6FA8-60FE-0D79-00000000E601}6532C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001026478Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.861{2E2BE06D-6FA8-60FE-0D79-00000000E601}6532C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2E2BE06D-6DD6-60FA-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001026477Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.719{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=045119E4B932E492DBF5B3B3FE69F5C0,SHA256=1AFAFF8B13BBA058C6DC69020740CE18BF3AA03376DB85D9A5E011D948785AD0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889650Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:43.999{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5385794DF8E392079F65046E545A689F,SHA256=6EC21EDB434A7FD72C68DF0C4BABBAFDA7BE15AA1D01F069AA187311FE8FD0E2,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001026476Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.531{2E2BE06D-6FA8-60FE-0C79-00000000E601}6241208C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026475Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.203{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026474Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.203{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026473Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.203{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026472Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.203{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026471Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.203{2E2BE06D-6DE9-60FA-3300-00000000E601}31563176C:\Windows\system32\conhost.exe{2E2BE06D-6FA8-60FE-0C79-00000000E601}624C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026470Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.203{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026469Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.203{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026468Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.203{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026467Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.203{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026466Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.203{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026465Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.203{2E2BE06D-6DD6-60FA-0500-00000000E601}416420C:\Windows\system32\csrss.exe{2E2BE06D-6FA8-60FE-0C79-00000000E601}624C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001026464Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.203{2E2BE06D-6DE8-60FA-2700-00000000E601}28923740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2E2BE06D-6FA8-60FE-0C79-00000000E601}624C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001026463Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:44.188{2E2BE06D-6FA8-60FE-0C79-00000000E601}624C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2E2BE06D-6DD6-60FA-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001026506Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:45.844{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=056847C3362C059D38A25496900FBE43,SHA256=58E82CC000B9632C465A36ACCEA0AAD0F4CE7E78F6FBF357242D9DFD3E9FE8B4,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001026505Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:45.813{2E2BE06D-6FA9-60FE-0E79-00000000E601}50286636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x8000000000000000889652Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:45.281{D94AFF6C-6DD8-60FA-1100-00000000E701}972NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=C30F877D00DFD8ABBF868451F17E57A8,SHA256=CDA2922BE74E00E9EEE44FFEAA56E4DBDCE5AAF8ED14AABF8318871FBDCE4A16,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889651Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:45.015{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E9E7F47AD408D9FE6D8982AD679D7D1,SHA256=E65BEFFF3B4D07198A0F1212D4480098790B960D549675D56C9649F73442EF58,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001026504Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:45.563{2E2BE06D-6DE9-60FA-3300-00000000E601}31563176C:\Windows\system32\conhost.exe{2E2BE06D-6FA9-60FE-0E79-00000000E601}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026503Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:45.563{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026502Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:45.563{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026501Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:45.563{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026500Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:45.563{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026499Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:45.563{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026498Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:45.563{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026497Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:45.563{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026496Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:45.563{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026495Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:45.563{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026494Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:45.563{2E2BE06D-6DD6-60FA-0500-00000000E601}416420C:\Windows\system32\csrss.exe{2E2BE06D-6FA9-60FE-0E79-00000000E601}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001026493Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:45.563{2E2BE06D-6DE8-60FA-2700-00000000E601}28923740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2E2BE06D-6FA9-60FE-0E79-00000000E601}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001026492Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:45.548{2E2BE06D-6FA9-60FE-0E79-00000000E601}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2E2BE06D-6DD6-60FA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001026491Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:45.203{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=330FE9180FDE7384C1D366427B7FC0D0,SHA256=C8A623E4B3281564295E7CB47915143E4AE47D5C0B7BBF464DD062FBEC1DCEBE,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001026535Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.938{2E2BE06D-6DE9-60FA-3300-00000000E601}31563176C:\Windows\system32\conhost.exe{2E2BE06D-6FAA-60FE-1079-00000000E601}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026534Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.938{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026533Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.938{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026532Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.938{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026531Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.938{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026530Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.938{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026529Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.938{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026528Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.938{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026527Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.938{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026526Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.938{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026525Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.922{2E2BE06D-6DD6-60FA-0500-00000000E601}416420C:\Windows\system32\csrss.exe{2E2BE06D-6FAA-60FE-1079-00000000E601}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001026524Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.922{2E2BE06D-6DE8-60FA-2700-00000000E601}28923740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2E2BE06D-6FAA-60FE-1079-00000000E601}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001026523Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.923{2E2BE06D-6FAA-60FE-1079-00000000E601}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2E2BE06D-6DD6-60FA-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001026522Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.813{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B95FB4D5F1F11A47AC6B9C51FA159E3,SHA256=6BCF03770E4D3C17FDC98D11B65701832A96A92645BB147E44EE81C98FC80D86,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889656Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:36.305{D94AFF6C-6DD8-60FA-1000-00000000E701}928C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse210.245.94.89smtp2.groupcontact.net64698-false10.0.1.15win-host-702.eu-central-1.compute.internal3389ms-wbt-server
23542300x8000000000000000889655Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:46.046{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=693D5365D062DB898DBD52C4243A71D9,SHA256=14775171FED666E5C3E0BF0C55C3AB7F8C00540C98C1B8BF34E42DCD43F779C7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026521Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.781{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=052FA1AD08922F42B0AEF417F92492E5,SHA256=F254480F0BEB66EA09C07363CE986EC00BAAA6D5B9429710199279569ED132AC,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001026520Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.453{2E2BE06D-6FAA-60FE-0F79-00000000E601}8362464C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026519Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.250{2E2BE06D-6DE9-60FA-3300-00000000E601}31563176C:\Windows\system32\conhost.exe{2E2BE06D-6FAA-60FE-0F79-00000000E601}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026518Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.250{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026517Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.250{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026516Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.250{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026515Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.250{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026514Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.250{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026513Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.250{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026512Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.250{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026511Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.250{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026510Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.250{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026509Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.250{2E2BE06D-6DD6-60FA-0500-00000000E601}416432C:\Windows\system32\csrss.exe{2E2BE06D-6FAA-60FE-0F79-00000000E601}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001026508Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.235{2E2BE06D-6DE8-60FA-2700-00000000E601}28923740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2E2BE06D-6FAA-60FE-0F79-00000000E601}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001026507Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:46.235{2E2BE06D-6FAA-60FE-0F79-00000000E601}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2E2BE06D-6DD6-60FA-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x8000000000000000889654Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:45.999{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=46753E06C38C7CF8F05B112DCCEFCA44,SHA256=18D885E9792FB9A06C8905FBA0CD8FE7C3D6799B7BFB372FE1FB629F3BA3E2EC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889653Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:45.999{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=49724EEA8AD85442155D3BC885370927,SHA256=DC10F93CA867D1C47CF805EF00E776987186ECFA20C7505DCEE098109A7011B5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889657Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:47.046{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25231299C1A0F137AB2C893B48794F7B,SHA256=6F5231FA77EB1EBED26DA9B92B96EC917B2419FCCD4E1F96CA047D762C961582,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001026549Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:47.797{2E2BE06D-6FAB-60FE-1179-00000000E601}41245376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026548Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:47.625{2E2BE06D-6DE9-60FA-3300-00000000E601}31563176C:\Windows\system32\conhost.exe{2E2BE06D-6FAB-60FE-1179-00000000E601}4124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026547Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:47.625{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026546Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:47.625{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026545Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:47.625{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026544Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:47.625{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026543Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:47.625{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026542Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:47.625{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026541Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:47.625{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026540Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:47.625{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026539Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:47.610{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026538Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:47.610{2E2BE06D-6DD6-60FA-0500-00000000E601}416420C:\Windows\system32\csrss.exe{2E2BE06D-6FAB-60FE-1179-00000000E601}4124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001026537Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:47.610{2E2BE06D-6DE8-60FA-2700-00000000E601}28923740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2E2BE06D-6FAB-60FE-1179-00000000E601}4124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001026536Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:47.610{2E2BE06D-6FAB-60FE-1179-00000000E601}4124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{2E2BE06D-6DD6-60FA-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x8000000000000000889659Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:38.277{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52467-false10.0.1.12-8000-
23542300x8000000000000000889658Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:48.093{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB3B30F438F97E68B5E783A0D7376D57,SHA256=B0D1E9E71830484130A3632FB5B6A4633B25D64578D0038184BD385FF00F2873,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026552Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:47.319{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59153-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001026551Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:48.125{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1828F3C34FFBC127466D6A52D1F6B19,SHA256=79373710D8BE5DE745C634E17898348D363AABF01DF78CF3413D44A2EFA90284,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026550Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:48.125{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F9975672085337B74FD46AFA25CBCE25,SHA256=76812D957577B71EC9463F8CBABB5254CEA954A8D0D55215E1F0544848069E0D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889661Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:49.953{D94AFF6C-6DD9-60FA-2200-00000000E701}1296NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=85E02EEFEB94889C2B3FA0450D64D965,SHA256=FD2D44B44F455C51F744FDF6D494B2B2CAA113DD2D7C2DD2E0FED42E8CA25B0C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889660Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:49.124{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40F4CB453D6A0967C05E93410471E619,SHA256=297213440B8B889C502DBFF296AFDA1A8344FD4B7546E5298FC7D8D4149BF9BC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026553Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:49.250{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB3802C78BC926A11BBDC3C26A0FFA88,SHA256=2FAE29B6B1073EC1BDD7786D29E99E3A24CB5FDABE6D278F32C5219015EBB3CD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026555Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:50.594{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=46243353CEE588A9FEC8A006287D22A2,SHA256=22B4646C41F383F659D1792118F6AEA9921BDC81C911EDE783FAFA40D34BEA99,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026554Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:50.250{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A36CDE9D62A604F149E9EB23B588006,SHA256=16E609E4F611CBF509F5F0E3DD61D19021D5F738A9009543DCFE5559094BC8C9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889662Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:50.156{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E516D9A63563E38B1017C53AC010E564,SHA256=B2275068212D4CDE367052E3194C827E13A5F6AEE78DD167C7FF7DFA1D78AE3C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889663Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:51.249{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5182BF89B2BF18C268E851036CD5485,SHA256=349E314B100042AEF3477F41D56C07CEAF5F111FCCB67BC5877030347B857BA9,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001026571Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:51.781{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026570Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:51.781{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026569Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:51.781{2E2BE06D-6DE9-60FA-3300-00000000E601}31563176C:\Windows\system32\conhost.exe{2E2BE06D-6FAF-60FE-1279-00000000E601}5896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026568Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:51.781{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026567Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:51.781{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026566Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:51.781{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026565Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:51.781{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026564Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:51.781{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026563Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:51.781{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026562Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:51.781{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DE8-60FA-2600-00000000E601}2884C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026561Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:51.781{2E2BE06D-6DD6-60FA-0500-00000000E601}416536C:\Windows\system32\csrss.exe{2E2BE06D-6FAF-60FE-1279-00000000E601}5896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001026560Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:51.781{2E2BE06D-6DE8-60FA-2700-00000000E601}28923740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{2E2BE06D-6FAF-60FE-1279-00000000E601}5896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001026559Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:51.767{2E2BE06D-6FAF-60FE-1279-00000000E601}5896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{2E2BE06D-6DD6-60FA-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x80000000000000001026558Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:50.663{2E2BE06D-6DD6-60FA-0B00-00000000E601}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-56.attackrange.local59154-true0:0:0:0:0:0:0:1win-dc-56.attackrange.local389ldap
354300x80000000000000001026557Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:50.663{2E2BE06D-6DE8-60FA-2300-00000000E601}2740C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-56.attackrange.local59154-true0:0:0:0:0:0:0:1win-dc-56.attackrange.local389ldap
23542300x80000000000000001026556Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:51.344{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3D7DACD0527D2B800474F92F97E516B,SHA256=52A455EAD9794856094EEA401B1BA926FB799AFAA36668E068C78DF9045460AD,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889668Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:42.747{D94AFF6C-6DD8-60FA-1000-00000000E701}928C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse212.102.34.235unn-212-102-34-235.datapacket.com38300-false10.0.1.15win-host-702.eu-central-1.compute.internal3389ms-wbt-server
354300x8000000000000000889667Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:41.980{D94AFF6C-6DD9-60FA-2200-00000000E701}1296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52468-false10.0.1.12-8089-
23542300x8000000000000000889666Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:52.327{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A20C4C252B199653BC9F39FD405FFD71,SHA256=191DDE4D5533C476C091F0C713DF73B424612F3998A781DEE5EB80AD610703EB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026573Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:52.797{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=296D6CA7C131D3D045FF7B6B850D85D9,SHA256=31C0F8B04CA873E5E163ACBC741FED008FC0FC93E4132E52A56EA5AC954171AF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026572Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:52.344{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8A0E27F0DA50F1FCBBA65591FD834CB,SHA256=C00C99C589BD62499A45D363B708DDE7E96E2BDC67FBB3AAC6BF974744746C25,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889665Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:52.265{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B6FA254D2B15CF5E8A68646AE970AA4D,SHA256=6CAF83A4811BA3EB49FD225559519A8F6C532EA172535FE84BCD48A95D5DC4D7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889664Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:52.265{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=46753E06C38C7CF8F05B112DCCEFCA44,SHA256=18D885E9792FB9A06C8905FBA0CD8FE7C3D6799B7BFB372FE1FB629F3BA3E2EC,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889670Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:44.183{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52469-false10.0.1.12-8000-
23542300x8000000000000000889669Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:53.390{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9F678A468CB1B700052766AA62CCA50,SHA256=8E99D62138AC5860A12ED40D9F8128720A665507B216C9AA9EB1A80FFDCD1799,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026575Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:53.272{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59155-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001026574Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:53.360{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91F263C99362013D81A282C17615E7C5,SHA256=CF97335B426B455B28E23F5009178602AB29FD5345D1804B7E35BD0A092A9D57,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889671Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:54.468{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=989E7515E3C677E80AF994CCB7D2B760,SHA256=CA91544C75EB112854DCFBCD2C6930699A06F2042244EBBFBA644EE8BD04C10F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026576Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:54.360{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0AA4E95E79EC7BB28F9045A5FCCFE1D,SHA256=68040A26E18C5FED6A69E0272F14ED1FF2676890A6AD7708527D4EF7B455975F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889672Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:55.671{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0626BBCF77C67C13F2E0C19EB06CA2E1,SHA256=8B71B01F5344FAB0269F3B807EBEE9BF469FAAF49B7325F048E24397A513049D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026577Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:55.375{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB45F7A5D05AD738F5D3D9FDBC94A4CA,SHA256=D732A2B637CF63ADC80E775D42828D7710880D9A46EA84A59A876C761FDF4AF4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889673Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:56.702{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADDB41FBD624A3FD5C125394F33DC3D1,SHA256=C2A03F20CFC4C9846CC7027C340842DD73D9CDCCB59A6CD2828D3A778973D0DE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026578Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:56.469{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA56348741C6ADCAA849761331AAFFA4,SHA256=130743C8278F42C8EC60C044ED15DE3C96106437A529FEA8759BE0D6EAD26B6A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889674Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:57.718{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0CF7A6CAE6EA53BAC0445405DA296CF4,SHA256=9852E0EA51FD0FF728F13F49DF07C03BDB90D1AD0BD0B7B9CB8CCFCB5430654D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026579Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:57.469{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D91B625A337766D2B5DC9B1DD5DCCEF6,SHA256=69B6212F38ABB1959C3C552450F30F1DBC2C2F2DADD946FC0A25423D3F2B855A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889675Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:58.718{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79BC85B9D0AA28030E79093F9A333051,SHA256=1CE390B3A9A8602F27C0F94499FDA7ACEF6B1E61CCDC7C7BA2915BE595E017B6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026580Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:58.516{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41B019057984513168007D55E6305065,SHA256=9C242BB05313BDE4134A7424A6748BF5867009D2545A8CD3744BD39214A63D62,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889676Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:59.765{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF988CA49C8678E2F0BE49119D09FCAD,SHA256=E0387560A161F6A0ADE3D8F4316FC104DD9E3FCFAC9778AC3554D88C7A9DEDD9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026581Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:59.531{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE52BA3F35439CAADDEA9F404D80F594,SHA256=082ACA762BCC57D75A7D8FC8F5373391533D20ABFAE64A0EFDE0F313587607AC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889678Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:00.781{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDC5E80713BA10403352637C0C05CAF2,SHA256=6BD1738A237B4849B3E20B996558749B2D5351CDED865CA6766A79A3E3F9D5C3,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026586Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:00.246{2E2BE06D-6DD8-60FA-0F00-00000000E601}368C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse212.102.34.235unn-212-102-34-235.datapacket.com32210-false10.0.1.14win-dc-56.attackrange.local3389ms-wbt-server
23542300x80000000000000001026585Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:00.735{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=774DA825D35B40565ED21E2052904D39,SHA256=D1DF31ABDCFE97343659B7355A071184B4F0B2783855941C2A7B5E9264964BBD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026584Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:00.735{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4EB64EF2A03DF116B9670CCF4FC06BE7,SHA256=C366EBEA5E00668A9EC98389B041F2FB89ADEE9BC65502A5A741E91946961A05,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026583Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:00.531{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6518101261EB18FF2CABB36E21E58E67,SHA256=1E9BD857F0E831FAE2832E59DB2B7591AD500A91BFF9ED5063E07520B16C0BB2,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889677Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:50.182{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52470-false10.0.1.12-8000-
354300x80000000000000001026582Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:17:59.163{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59156-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x8000000000000000889679Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:01.796{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDAF61DA5A508549CC2B2EA423BCE483,SHA256=65D7BE88FC614E4AC580D09F121A9F1789773BA77CE32AA6813784C64C7BF6C1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026587Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:01.563{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEB04C97AC001BDEB8AB2734B7D444D7,SHA256=7FB095D39CC0AD3301FB853B91D77A1B93CB50B4325377022F19A5081DA729BE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889680Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:02.796{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4869A1322C4F57A63AB3890CF9F750C4,SHA256=30F03AD036132A4D441FD73C8CFA060A27C6CBACDF3624CDCCDA94F900FABC61,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026588Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:02.578{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=326266B9A37D1C9C20B1F3D221C20DF6,SHA256=B9B243A66CEE834932E899A10F0D0DC951550A193DCDDD4D9C7FEDBBAC17C994,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889681Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:03.812{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B2A220BFD79471BEAF72E96B329A12B,SHA256=703BF9500513532390BE2A905316863931AD93BA42219F5E61E8B59684C85401,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026589Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:03.578{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26EC353812C8E590F1CD782152A530E9,SHA256=3FB6DB300E1E74AD3F37535BBDD3F4DB467AC98D8039B63B3B4CDE1A27A83B02,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889682Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:04.827{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4226378BDE530BC888001C0171CA3B4,SHA256=96E11B966DC980CE528A2C51E2C55B45B2BDA1ECDC6BB6EC3067B0D6F0CD3A86,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026591Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:04.304{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59157-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001026590Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:04.612{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCAAAFEF09AE426F87B6D9F5EEB34CB6,SHA256=3CBC9F14E8C76102140784E7B64955B71F0C73696BA06511AB41652D5ACCAC8D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889684Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:05.859{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9E71497F8291F32A0E80659C2C84EC7,SHA256=1377E9D74B212C92BC91D859DC58065913CE8BDB038015EBF124088703C5D70A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026592Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:05.624{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3EF755FB7A12663E2DE2A1BBCEF8FC4,SHA256=46CE38937B08594286AF062810BCAD90FDB151AF003FBFE5DD600A0A498D4A72,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889683Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:17:55.292{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52471-false10.0.1.12-8000-
23542300x8000000000000000889685Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:06.874{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FBBBCC9A0E5594D3B43EA4BF8546A97,SHA256=EF36B48C64AC1BEE5806C8A687510B9E9AA6BDA5B6A4B5B08DEEB90C8829FDA6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026593Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:06.641{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B716604BA7D6AE1314E831D1AD19DCD,SHA256=F4391B45235A5BA483FAA9C7F447094DA5BA83D5F5D0D2573FCD555E95FDCD7A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889686Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:07.890{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76C9D7857422EF6B8CDC1EC05B82D491,SHA256=F668537F3EEE7E376AA121C2699787F7818EF145201FE7156EFEA03B0629997E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026594Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:07.642{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53A5A59C8746CDB7F3E9FE1C88002874,SHA256=C8419F53D8152ED2616781C18D234825F8773C14D404F34DACE8555FD1DABC2D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889687Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:08.906{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78AF7ADD27668098793802A76524D5B7,SHA256=D938A580A455CFB71DED1C9A0654E2E9219978978FC93E710130D19B232FA188,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026595Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:08.688{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DD65CDE468E27C91D7EF8487BA84A17,SHA256=3A75910448088EC1172EDF6F742E51DD5FC60D25BCC93B70BCAD81188BB5922D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889688Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:09.921{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D5F2FC5610DAE3120243AEAB18E39F9,SHA256=70AD4E4B32992FCB70B2D9A52FA1174DAC47527766CB04DE6354ED8753D154E5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026596Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:09.798{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76FD8D9744F8064ACCCABFB18EA7BF79,SHA256=8AD0B6EF42A63BD5B1D81E8F3C2ED8C633AF12F3FD8685EBE1F4334489C40E8A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889692Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:10.937{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64FB5F4314EBD339016AE397A1DD22B5,SHA256=7C5C4653EFA1E3CA1FC2F6E2F693F2C5DFA70E6024C4E84AC44C7DC4DC6A02EE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026597Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:10.891{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1E217ACB309AC15CFC2FF429BCACD65,SHA256=FAA83BA169C26BB93F2EAFC6E47480932AA5570E72789687F10416A05574EB92,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889691Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:00.948{D94AFF6C-6DD8-60FA-1000-00000000E701}928C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse193.93.62.20-13985-false10.0.1.15win-host-702.eu-central-1.compute.internal3389ms-wbt-server
23542300x8000000000000000889690Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:10.046{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86A119A829064B9469010E08CC97AA5D,SHA256=FCDE0924E52C7EDA3CC6D4AA1FBA94588D9829DC3BD418EA37881213CC0E155B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889689Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:10.046{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B6FA254D2B15CF5E8A68646AE970AA4D,SHA256=6CAF83A4811BA3EB49FD225559519A8F6C532EA172535FE84BCD48A95D5DC4D7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889694Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:11.952{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEFBA842D04FE18FA8A232682871254F,SHA256=145D20CE2AB895E308C1AF3A2DF0C5DE3A9490291016E2392CDDB10AF7EDF60B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026599Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:11.891{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=652727BC013ECC2920095D78D2052355,SHA256=0DE0DCFD68FED92A9EC56EECE3CA2D39BF412B4928F9854A5F131A461D1FCB1D,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889693Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:01.073{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52472-false10.0.1.12-8000-
354300x80000000000000001026598Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:10.257{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59158-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001026600Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:12.907{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6D0D85EE75C7BD8310B76729187E4B1,SHA256=7742E5BC5FFB6EB5C5F9096DB007A6D63071EE41CAC426EB09920C3141D347D2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889695Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:12.968{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=247F7709401C357B3B012E72B6DF5747,SHA256=49486AF3BC03277FFAA235407E14E5FD191E6AFAA99EEE2F7C472B3B525319DA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889696Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:13.984{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D59A1641C81799031A92B1E7CB4037B,SHA256=8B7D203F3E7923E855D381A95F55C84E2B6F8B859F1E716E26F403C3919FE91F,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000889699Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:14.421{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD8-60FA-1300-00000000E701}684C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889698Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:14.421{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD8-60FA-1300-00000000E701}684C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889697Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:14.421{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD8-60FA-1300-00000000E701}684C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x80000000000000001026604Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:14.579{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F0F5E6FDBD23B2C4749470F6706B3A35,SHA256=EFCB8EBC8091FF849111C21543FD043FF2770F735AB65A4200EC3DBE9BD57A19,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026603Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:14.579{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=774DA825D35B40565ED21E2052904D39,SHA256=D1DF31ABDCFE97343659B7355A071184B4F0B2783855941C2A7B5E9264964BBD,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026602Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:14.039{2E2BE06D-6DD8-60FA-0F00-00000000E601}368C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse112.29.139.34-14326-false10.0.1.14win-dc-56.attackrange.local3389ms-wbt-server
23542300x80000000000000001026601Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:14.126{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A01C86FBE3FF4A71AB9E3E93BEBE5C8,SHA256=FC679A32F6205A36E3438A897AAECF340CFDB392242902B5524BFF5637D31C77,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026606Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:15.251{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D38C35B0CF420983E4FB6D1CB63F3A09,SHA256=325E0D7D8375A4CDDB8B855F3826127A3E25E19163B195002C0C885951453891,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889700Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:14.999{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1752874BF672EE835A7ED7CC216A8C28,SHA256=AE798FAFB0194D329AA899EF8560AE705EFFB5555558EF4F1EE917A3CE34D37E,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026605Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:14.569{2E2BE06D-6DD8-60FA-0F00-00000000E601}368C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse193.93.62.7-33809-false10.0.1.14win-dc-56.attackrange.local3389ms-wbt-server
23542300x80000000000000001026607Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:16.485{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D2F0D185C18F60A9FDF0598A9C9314C,SHA256=F41537A706925E25FE0AD98019EDA204150F71BC58233CEC780FAC062384258C,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889702Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:06.245{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52473-false10.0.1.12-8000-
23542300x8000000000000000889701Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:16.015{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30AD1D80C19910E563ABB574B3A19049,SHA256=06792A8D6DF4F9F7138B96BEB8E144D2744A39F6E14DC7E06F841EEB0C8CB4E0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026610Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:17.829{2E2BE06D-6DD8-60FA-1200-00000000E601}780NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=41C308986ECC2891472A4D472D6E9FA6,SHA256=397E527DDEF2F076CCAB8D9870D2A335B7AB48A5A5ED3A54AB2B3E115AE2404C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026609Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:17.516{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26EA043D87A593A8A0FF4EC3FD4807EF,SHA256=4A742F8415342219381D5981B50A74EEF2D5E1E9B61B06391543613834453B59,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889703Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:17.031{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFDBD3404DF9612921FE19092E74EE19,SHA256=2EC1C9FD6A3698AE64FA78CAA8FA3C2F09FC6ACA22C94FCD31D0B08C4FE143EF,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026608Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:16.163{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59159-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001026611Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:18.516{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=365400D93BFF4591133F2A7CA1EC39C8,SHA256=644D0339D5DBCACE2A6C033E556505C841B6706AE51A7A7BDEF2B593EECA77A0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889704Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:18.046{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C26E1C7A2D2FBBD877AEF25687A7FEFF,SHA256=61712EA00CE71FBAFD3A995377E3A8A2EF612A92A88E5C7E77645C5CAB0E4E37,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026612Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:19.735{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB08DE9FDCF55066836397ED2EBBFCB1,SHA256=493D6EF3927313E2C067046AE6CE1BE23F7CF40DFC3771D5F451F9F8A8992C1F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889705Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:19.062{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B381CB9353F98671B898A4A24A4B5A4,SHA256=D5B1C6AD213675C074CEE78FEA4DA2158FB002D78C875B203313CA59B0702A35,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026613Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:20.751{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B55D5390552BB02AB406C9D228ACB64,SHA256=06DA978121B7DAA2F334B4F2335801D01280D7E0068CAFED67616196C7791F72,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889706Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:20.062{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C1BE0DCD9C8EEBD33BF2BE5518098B7,SHA256=8B65833179D5CE7FDD162110095D085C999581CE526234B0381986002149F5CC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026618Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:21.751{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36FABEDED25B4BABCDB492885C694C89,SHA256=912118439C897CD8F26F0E1DBCBC89932DBD121C19003BF937A56170ABEE61D6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889707Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:21.077{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=108A38D259251E20FDE1ED43A9ADA1B4,SHA256=DB81EE8DE293C6F91418205CC894BE45C96A90D6CDB8E3B6AEFD08F6B51400C8,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001026617Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:21.391{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD9-60FA-1600-00000000E601}1332C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026616Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:21.391{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD9-60FA-1600-00000000E601}1332C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001026615Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:21.391{2E2BE06D-6DD8-60FA-0C00-00000000E601}844584C:\Windows\system32\svchost.exe{2E2BE06D-6DD9-60FA-1600-00000000E601}1332C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
354300x80000000000000001026614Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:21.257{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59160-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001026619Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:22.891{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C16961AE144BB076C1CB7A1EEAFB841A,SHA256=6BF52F2EF50D3C1E520A9A1865283CBD8ED653B0BA8B0E4BCC685182957CED3F,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000889709Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:12.229{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52474-false10.0.1.12-8000-
23542300x8000000000000000889708Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:22.093{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1B0F9764BA246BF1D088F118A15591C,SHA256=9ECE6348BBC4C89F89730119518CF4BFFF17F3BEF925C1292235AED874AC1742,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026620Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:23.954{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=178AECE55EF23C9333AD19A443E72504,SHA256=AE62588B0C2930A6AB2AAE3AFF38C48E34E35271BD0F2FEAB248C53BBB666E6F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889710Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:23.109{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBD4BD5B02835E379ED1743F74B1D3A2,SHA256=5D9E14699E0A8C416B727628C5FBF4C1A7802BA60A63AD6E2C03949CA1B2FE5D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026622Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:24.969{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5ED8066011B273D36084AD092527391A,SHA256=BFB40B0EA425809FC2BAFCD433BC726BEA130A6712F3D7846B72BB95F1A825C8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889711Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:24.124{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8EFA685FD3F562EF2F204E2C89978823,SHA256=5CBF7E0D2F8147510B824676F38B7550061EBF521D534AEDA56997033277EA79,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001026621Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:24.891{2E2BE06D-6DE8-60FA-2700-00000000E601}2892NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=85E02EEFEB94889C2B3FA0450D64D965,SHA256=FD2D44B44F455C51F744FDF6D494B2B2CAA113DD2D7C2DD2E0FED42E8CA25B0C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889712Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:25.140{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35D71A9325A6090E6F953F05903F6F9C,SHA256=8D9EF3D53D0427EAD13F43174C3483A4635963D004404F29978519468A975BF3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889713Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:26.249{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=527BCD4BCAAB7961CF15E21F26F4A5C4,SHA256=2AF7EF5749566A1FB9028CD54F3B4CACA8AF596D447B0697EE1CDAA9958854F7,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026624Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:26.007{2E2BE06D-6DE8-60FA-2700-00000000E601}2892C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59161-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
23542300x80000000000000001026623Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:26.001{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CDFBFEC7657D2BB737B62EC8CF9289D,SHA256=571620D621FF88C2207D650A2C684FA2FF8258C9ABC4CD465EC47701196A8973,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000889728Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:27.905{D94AFF6C-6DDA-60FA-2B00-00000000E701}28322852C:\Windows\system32\conhost.exe{D94AFF6C-6FD3-60FE-8478-00000000E701}2788C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889727Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:27.890{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889726Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:27.890{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889725Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:27.890{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889724Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:27.890{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889723Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:27.890{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889722Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:27.890{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889721Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:27.890{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889720Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:27.890{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889719Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:27.890{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889718Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:27.890{D94AFF6C-6DD7-60FA-0500-00000000E701}416532C:\Windows\system32\csrss.exe{D94AFF6C-6FD3-60FE-8478-00000000E701}2788C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000889717Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:27.890{D94AFF6C-6DD9-60FA-2200-00000000E701}12963324C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D94AFF6C-6FD3-60FE-8478-00000000E701}2788C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000889716Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:27.891{D94AFF6C-6FD3-60FE-8478-00000000E701}2788C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D94AFF6C-6DD8-60FA-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{D94AFF6C-6DD9-60FA-2200-00000000E701}1296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x8000000000000000889715Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:18.197{D94AFF6C-6DE2-60FA-6100-00000000E701}3628C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-702.eu-central-1.compute.internal52475-false10.0.1.12-8000-
23542300x8000000000000000889714Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:27.484{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D12BFDD138FB43D57A50E106B819CDE,SHA256=08596C23B48E71BC849839C776DAAFD0116467EE34D3F43F4F40EFDD84838CBC,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001026626Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:27.241{2E2BE06D-6DF4-60FA-6900-00000000E601}3676C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-56.attackrange.local59162-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001026625Microsoft-Windows-Sysmon/Operationalwin-dc-56.attackrange.local-2021-07-26 08:18:27.094{2E2BE06D-6DFB-60FA-7200-00000000E601}3928NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BA0DE89C24EFD368D07FC3A5198B50E,SHA256=3175116CC23B5D1F72A06B0385DD94A92BD81715A3A9C4A7DF3D053C3FE0E3B2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889745Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:28.906{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EA7EBC388FCF02F3D5800ADFB42E8CC7,SHA256=4E622F5D468FE710269EEF50745291489CAE52D471D19A75E61ABE140F28DC9E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000889744Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:28.906{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86A119A829064B9469010E08CC97AA5D,SHA256=FCDE0924E52C7EDA3CC6D4AA1FBA94588D9829DC3BD418EA37881213CC0E155B,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000889743Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:28.687{D94AFF6C-6FD4-60FE-8578-00000000E701}20683928C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{D94AFF6C-6DD9-60FA-2200-00000000E701}1296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889742Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:28.577{D94AFF6C-6DDA-60FA-2B00-00000000E701}28322852C:\Windows\system32\conhost.exe{D94AFF6C-6FD4-60FE-8578-00000000E701}2068C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889741Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:28.562{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889740Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:28.562{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889739Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:28.562{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889738Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:28.562{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889737Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:28.562{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889736Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:28.562{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889735Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:28.562{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889734Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:28.562{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889733Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:28.562{D94AFF6C-6DD8-60FA-0C00-00000000E701}7282928C:\Windows\system32\svchost.exe{D94AFF6C-6DD9-60FA-1D00-00000000E701}1924C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000889732Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:28.562{D94AFF6C-6DD7-60FA-0500-00000000E701}4161852C:\Windows\system32\csrss.exe{D94AFF6C-6FD4-60FE-8578-00000000E701}2068C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000889731Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:28.562{D94AFF6C-6DD9-60FA-2200-00000000E701}12963324C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D94AFF6C-6FD4-60FE-8578-00000000E701}2068C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000889730Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:28.562{D94AFF6C-6FD4-60FE-8578-00000000E701}2068C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D94AFF6C-6DD8-60FA-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{D94AFF6C-6DD9-60FA-2200-00000000E701}1296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x8000000000000000889729Microsoft-Windows-Sysmon/Operationalwin-host-702-2021-07-26 08:18:28.484{D94AFF6C-6DE9-60FA-6B00-00000000E701}4016NT AUTHORITY\SYSTEM