23542300x8000000000000000399024Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:44.965{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B79897989EC81986A63B6B41242052F4,SHA256=2E47C9F6BFEBA83746F794DD2969B51D9BC4ED789DDE864F9AFC97EFE45A93A7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454282Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:44.367{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDDA5A39D8D1FED7659936ADFF186328,SHA256=C063DEF6DDB9C16C4C05A8B6F6870D62BDB9B9E48B32555E515C1D947B23CD9A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399025Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:45.981{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D72842B537D6DCD3BE100E7BFCB7A2F,SHA256=168697A9E1A147C82621D5B33EA08C14871F9DD9BBB62C383682F1930FAD297C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454284Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:45.382{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDD61565C98D6B69519063B20955AEF0,SHA256=E4217058AEC49155F2B6C611A7D1B023E462B0C7DEA69FF0C15DE6AA5C61A812,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454283Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:42.632{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60966-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001454285Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:46.396{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3B5BE91A335409F36FBD996E4B13145,SHA256=372922F8043743B694BC3A68FD865F038302E824FE83A518C36EBBFCD17B0145,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454286Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:47.426{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A2CB8B89CE70357521936B3BFDE5319,SHA256=3A57C49BE9382A0B73C2671D3E4CCE9C45076F3517E2DE90A1AE4AAFC3E0AEDA,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399027Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:45.452{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53963-false10.0.1.12-8000-
23542300x8000000000000000399026Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:46.997{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95186E345E5B66B21DA53D2ED3DA6DCC,SHA256=3EFB0473822462909F519E6766CFDB4EEDFEB6DCCF738A073CCEF26F5FA05810,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454287Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:48.442{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C50CAA28FFAD1471DB7B273C58DB9503,SHA256=6D623CD406FB0F8831D483F7E35C0FDC3EA64D70492C6B5E967C23C05871DF8F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399028Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:47.997{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C778E1BC1016DBBFA068F4BD02DB09B,SHA256=A5DBBF7F545B1710145EF210FB2F34C2F994192254672174B492A34FB700E2CB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399029Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:49.216{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FB2E4740CBEFA85CB5C28C11137DFAE,SHA256=292215B6B0DD951EF4CE180894F975CC3E4CD5909C0BFE39613C37FD734E8A88,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454288Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:49.460{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8B7E1D38219D85566BD2A27BE5E2354,SHA256=9A81C7F54A207B25C034DE1BC93D275E4C40C04B2B66ED7FA5367AD15428732F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399030Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:50.262{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76D9DBCB8F8C18F9B759BE5A8B20991D,SHA256=B70687B751E077B1F96CBF4685F2EFC67900EB7444495059649A4FBEBDA9D76A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454292Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:50.466{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1CCF5C740C1A1184E7FF4DDD03A3014,SHA256=DE71DAA0E29D2785599D506AEDBE7031F0B41C4B17F6DC207275E3F1A6D1BE58,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001454291Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:50.446{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3EA-60E2-1500-00000000D301}1244C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454290Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:50.446{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3EA-60E2-1500-00000000D301}1244C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454289Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:50.446{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3EA-60E2-1500-00000000D301}1244C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x80000000000000001454294Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:51.496{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82DF6E1C38F2B39501CFE84DC18233B3,SHA256=220E3404D3B6AF7BDC3FD228C473B8FD4EB891B69E78AAAC471F2BDA959E5F66,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399031Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:51.278{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD91AC6C600445984F968B6C7E8552D3,SHA256=2F7E2DB2B9A29E6E2CA09E0E88543E163314446916F8E936084A43DC77F74184,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454293Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:48.624{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60967-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001454295Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:52.526{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=393827AAB4D2DC47B1B6E1A5127620F5,SHA256=2A2C3E2DB7E98C97714F3E4A363FF6EDFF17E53C39E3430E48AADC390E5E257F,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399033Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:51.436{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53964-false10.0.1.12-8000-
23542300x8000000000000000399032Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:52.325{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=002214C4EC90126784538630529333CE,SHA256=75EC9ABC2785671D61544EC7F7A8CAF1F8308D9F8BF6CB5E6B2FD6D58D587EC7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454296Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:53.542{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B746B1FEC54894ED57CC9F8EDF903325,SHA256=752DC527D9B68D14B940BCC8A881231C9FC844725F12ECBDF4D11113952CB355,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399034Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:53.372{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8480469FF712CD9B05F22D48D64E229,SHA256=C34C11AF21D99C1FE08068F84F63E38C1CCAADC149934CEF3DA36A0AC8F5857F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454297Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:54.561{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82B6FBABB839B9ED1941732D4CFAF604,SHA256=06F8F6FB3FD3CD17700B683C5F67C85922BA0CA933DF9F213C695C282E0FA2A6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399035Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:54.372{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B38D442857F465FCAD32B16FEE8872B5,SHA256=4F1B006AE4F31D68B78520294CAFEB2ADF20DBC1C615671041E9256FE5E5257E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454298Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:55.576{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B481ACE61D571733DD2E8D69E059460C,SHA256=E50F357E765924E23D30893E96EAA51F101328C9782D54A936EB9CCEC5D7B103,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399036Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:55.372{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F63D07B565F576D93B8A1AEFF5FFB0AF,SHA256=846EE5BFB8095B90B7EB8A43FAEEF4180EDD8FD0B8F5422475C51746B8768990,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454300Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:56.590{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5852CF66A6DA1B2CBD5D80F79DFEF04,SHA256=272B05AA8106321EFEA865C0FE08D5501EF80FF841D43D298A82B4B114E16540,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399037Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:56.372{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6EB4414F163AB1B4366213C23925824B,SHA256=68E5C53945DEBF415C62555828580E72E1A35945187C0CAD67207E6DDCE742E1,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454299Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:53.672{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60968-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001454301Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:57.605{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B05C6CF9576C76832EB38942F0A1F5B,SHA256=4FA6DE8B84E4958E3B6A2F3BAAF133A3D028B523B93B0E70964F0152EE6B257C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399038Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:57.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B6DFE4CF7D4933C3DC1B8331F446F2A,SHA256=838F93313A60C4AB57ABCFF6DC1F6EF3DD6CDF7AE94A9B7C979EC3E22A02BD94,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001454310Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:58.957{D694AEB8-B3FB-60E2-3200-00000000D301}31323152C:\Windows\system32\conhost.exe{D694AEB8-0A0A-60E3-380B-00000000D301}4692C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454309Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:58.957{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454308Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:58.957{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454307Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:58.957{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454306Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:58.957{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454305Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:58.957{D694AEB8-B3E7-60E2-0500-00000000D301}412552C:\Windows\system32\csrss.exe{D694AEB8-0A0A-60E3-380B-00000000D301}4692C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001454304Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:58.957{D694AEB8-B3FA-60E2-2A00-00000000D301}29484004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D694AEB8-0A0A-60E3-380B-00000000D301}4692C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001454303Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:58.958{D694AEB8-0A0A-60E3-380B-00000000D301}4692C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D694AEB8-B3E8-60E2-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001454302Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:58.638{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0CD159CE6C087EA4F8BFE34D3AFDEF3C,SHA256=C87EA8FE76E0FCF3ECA8BC9129036B4E7EA8B641E3DB68BC35D54311CB7C4ADC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399039Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:58.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E626E19B6CB58D996DB2A10F1586481,SHA256=AF6A014A5B33A1C0DD7495A229472F3BD3126A8D27A5FCB321570B9161C57EDD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454319Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:59.656{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0CFDBA70D2A6DA5C7394FA59188A6C4,SHA256=211D78307B7F7995290B8BB5824DE7B005EB7489C0011A2B83BFA624D65C1AB1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399041Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:59.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4721FB6CD238EDEF2E5ADE69F03209A,SHA256=FF0848A34DA4E7BCE5D191648DBF64032CA5DD25491817895F26E4C10265DD52,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001454318Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:59.639{D694AEB8-B3FB-60E2-3200-00000000D301}31323152C:\Windows\system32\conhost.exe{D694AEB8-0A0B-60E3-390B-00000000D301}6068C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454317Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:59.637{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454316Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:59.637{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454315Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:59.637{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454314Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:59.637{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454313Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:59.637{D694AEB8-B3E7-60E2-0500-00000000D301}412552C:\Windows\system32\csrss.exe{D694AEB8-0A0B-60E3-390B-00000000D301}6068C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001454312Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:59.636{D694AEB8-B3FA-60E2-2A00-00000000D301}29484004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D694AEB8-0A0B-60E3-390B-00000000D301}6068C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001454311Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:59.635{D694AEB8-0A0B-60E3-390B-00000000D301}6068C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D694AEB8-B3E8-60E2-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x8000000000000000399040Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:32:57.468{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53965-false10.0.1.12-8000-
23542300x80000000000000001454331Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:00.686{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90E72D549BC53EBD0F015AD0F725FA25,SHA256=3E2F2A60ECA04A1020C425BC5E0EC5629A33E7E1B0E265BD537454C279AA6EA5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399042Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:00.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=548C7B2DDE2AE95F10433BC327AC5652,SHA256=9A29DAA51A9A2431DDA440CEC1EC3DFAF0ECDFD443B24D71B7226D01DB0320F3,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001454330Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:00.470{D694AEB8-0A0C-60E3-3A0B-00000000D301}12526816C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454329Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:00.318{D694AEB8-B3FB-60E2-3200-00000000D301}31323152C:\Windows\system32\conhost.exe{D694AEB8-0A0C-60E3-3A0B-00000000D301}1252C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454328Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:00.318{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454327Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:00.318{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454326Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:00.318{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454325Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:00.318{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454324Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:00.318{D694AEB8-B3E7-60E2-0500-00000000D301}4123364C:\Windows\system32\csrss.exe{D694AEB8-0A0C-60E3-3A0B-00000000D301}1252C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001454323Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:00.318{D694AEB8-B3FA-60E2-2A00-00000000D301}29484004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D694AEB8-0A0C-60E3-3A0B-00000000D301}1252C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001454322Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:00.318{D694AEB8-0A0C-60E3-3A0B-00000000D301}1252C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D694AEB8-B3E8-60E2-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001454321Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:00.002{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=62C07E4AA1A30A2E6A0D02A3A23D49CA,SHA256=A16AF25C2D773C284938ECB941698E972D84880F24C5D20AFE54DCBA44FF0207,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454320Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:00.002{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B05CA0F5066CDD1AC8C82E74E0E0EAE4,SHA256=9FF994A68B8ECA753D097628D044B63A010FAEA88D81012F1934651AB9DE7FB2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454335Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:01.986{D694AEB8-F83C-60E2-EF08-00000000D301}6572ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yzehmadb.default-release\datareporting\aborted-session-pingMD5=0D4C030C1FAABAB1A7B4DC5CBFCF8269,SHA256=E12F0C07CDB88042FB80ECD6169B974215B4608B64B7371056ABCE3AD10628F8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454334Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:01.716{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB6A50F58D8520F3E44D8A35BBE61ACC,SHA256=A2A30529036140A4F287C030F40745BEB740A90D406725F279F7622C4DAE410B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399043Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:01.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C3D7B5E7B716F55733B5BBF2D9BA102,SHA256=664DB646A41D0B267A960A447E4459194F115789A7CA34FBC10657F775548978,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454333Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:32:59.503{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60969-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001454332Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:01.354{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=62C07E4AA1A30A2E6A0D02A3A23D49CA,SHA256=A16AF25C2D773C284938ECB941698E972D84880F24C5D20AFE54DCBA44FF0207,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001454344Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:02.936{D694AEB8-B3FB-60E2-3200-00000000D301}31323152C:\Windows\system32\conhost.exe{D694AEB8-0A0E-60E3-3B0B-00000000D301}2848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454343Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:02.934{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454342Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:02.934{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454341Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:02.934{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454340Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:02.933{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454339Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:02.933{D694AEB8-B3E7-60E2-0500-00000000D301}4123364C:\Windows\system32\csrss.exe{D694AEB8-0A0E-60E3-3B0B-00000000D301}2848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001454338Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:02.933{D694AEB8-B3FA-60E2-2A00-00000000D301}29484004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D694AEB8-0A0E-60E3-3B0B-00000000D301}2848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001454337Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:02.932{D694AEB8-0A0E-60E3-3B0B-00000000D301}2848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D694AEB8-B3E8-60E2-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001454336Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:02.734{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E81A05AF0B26FC343525316A3C075DA,SHA256=C53F18CCBF0020FBC706430BD4043578B8370101220D253DF3ABDF58A414BBAF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399044Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:02.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C51B0A994BE6C498A658BE50CBD269D3,SHA256=9547D5BBFF5F7DD416DF64B9E1DC2D02806CF93EF8BA7B0296CC6B95C60EADFE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454356Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:03.967{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A44887A46BF80450485752CE799C7CDC,SHA256=54602F8D687F60C2AA29070A5AB6533E6C5218E232B44D3E5A287A8B66E7FC6F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454355Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:03.751{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96C52345C6AB0BC3BCD1AB9ED0CDC2FF,SHA256=865A063E193AEFA90C5DFAF9EEE150973246700AAF76F7DFE54499A7B03EC94C,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001454354Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:03.751{D694AEB8-0A0F-60E3-3C0B-00000000D301}58081872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x8000000000000000399045Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:03.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=047118F863D56DF8A7DA5777DADF0835,SHA256=F277A92877881D00D864FDC00CDDDBDB4DE191DBE33B32316E6A908C81D44846,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001454353Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:03.614{D694AEB8-B3FB-60E2-3200-00000000D301}31323152C:\Windows\system32\conhost.exe{D694AEB8-0A0F-60E3-3C0B-00000000D301}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454352Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:03.614{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454351Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:03.614{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454350Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:03.614{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454349Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:03.614{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454348Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:03.614{D694AEB8-B3E7-60E2-0500-00000000D301}4123364C:\Windows\system32\csrss.exe{D694AEB8-0A0F-60E3-3C0B-00000000D301}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001454347Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:03.614{D694AEB8-B3FA-60E2-2A00-00000000D301}29484004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D694AEB8-0A0F-60E3-3C0B-00000000D301}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001454346Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:03.614{D694AEB8-0A0F-60E3-3C0B-00000000D301}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{D694AEB8-B3E8-60E2-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x80000000000000001454345Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:03.083{D694AEB8-0A0E-60E3-3B0B-00000000D301}2848724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454374Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.966{D694AEB8-B3FB-60E2-3200-00000000D301}31323152C:\Windows\system32\conhost.exe{D694AEB8-0A10-60E3-3E0B-00000000D301}6380C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454373Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.966{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454372Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.966{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454371Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.966{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454370Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.966{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454369Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.966{D694AEB8-B3E7-60E2-0500-00000000D301}4122856C:\Windows\system32\csrss.exe{D694AEB8-0A10-60E3-3E0B-00000000D301}6380C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001454368Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.966{D694AEB8-B3FA-60E2-2A00-00000000D301}29484004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D694AEB8-0A10-60E3-3E0B-00000000D301}6380C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001454367Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.967{D694AEB8-0A10-60E3-3E0B-00000000D301}6380C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D694AEB8-B3E8-60E2-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001454366Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.782{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CE6968C97A8DF0190DE39D0F5CA8E48,SHA256=A2F457491DD920ABB3B0CA0F78A76ECF5DD84646809296DAD0154705574A8291,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399046Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:04.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B70CA6689A0E6556FBAB19ADCA1C2C0,SHA256=288B1E92AF85599454BC77EC7386EF451E2047CE6CF64E063792C99081B39CFD,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001454365Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.451{D694AEB8-0A10-60E3-3D0B-00000000D301}52846480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454364Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.282{D694AEB8-B3FB-60E2-3200-00000000D301}31323152C:\Windows\system32\conhost.exe{D694AEB8-0A10-60E3-3D0B-00000000D301}5284C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454363Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.282{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454362Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.282{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454361Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.282{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454360Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.282{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454359Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.282{D694AEB8-B3E7-60E2-0500-00000000D301}412552C:\Windows\system32\csrss.exe{D694AEB8-0A10-60E3-3D0B-00000000D301}5284C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001454358Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.282{D694AEB8-B3FA-60E2-2A00-00000000D301}29484004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D694AEB8-0A10-60E3-3D0B-00000000D301}5284C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001454357Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:04.283{D694AEB8-0A10-60E3-3D0B-00000000D301}5284C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D694AEB8-B3E8-60E2-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001454378Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:05.796{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4509531D122101317737776897ECF1D,SHA256=474F119A0BB70069E1C60E9340A67C39E84251EC1D9225A088E161F6CDA59656,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399048Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:03.454{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53966-false10.0.1.12-8000-
23542300x8000000000000000399047Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:05.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7CBCF26A08E287DB5F701E330319DA4,SHA256=1F1CB51574CB120CF60F816AD0987BAEB9EB4BD7A7CAC8B40811E35A3EDA3EF7,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454377Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:03.377{D694AEB8-B3E8-60E2-0B00-00000000D301}656C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-201.attackrange.local60970-true0:0:0:0:0:0:0:1win-dc-201.attackrange.local389ldap
354300x80000000000000001454376Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:03.377{D694AEB8-B3FA-60E2-2400-00000000D301}2788C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-201.attackrange.local60970-true0:0:0:0:0:0:0:1win-dc-201.attackrange.local389ldap
23542300x80000000000000001454375Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:05.312{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=648FB90FCC6673F3F0F7CC28B6B03101,SHA256=9A0FC2EA63B6F05AD043E2F76B7B7D96B1B13F7AB30508B6DF68ABBF1B01646A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454379Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:06.811{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F90A120760222218EC80FFD2E63EA840,SHA256=EFE288041537882824084AE02D8A879B78FD2019A2D220CA85F33D6F084C666E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399049Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:06.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B42BEF06B458E768F23D4C20538D684C,SHA256=624F039386DE12C976C92B2EB5FB592C52D20A4E0E6A7A71003F9041671A9FA4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454381Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:07.828{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81B4E1C7A29598A2CC972A79C7E3F330,SHA256=02E931CAAB588A9ED9D590563690B93D5171DAF90BB22495516FB3E1D0C960CB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399050Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:07.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=201EBE2ACD4B5917420C4AEFC79F45DE,SHA256=8FF2C0DB62D706333310D7F0A6752584303045EB7D21C4CCEFD33968AA3323C1,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454380Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:05.529{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60971-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001454382Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:08.846{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FCCBE19CDD98F6F1A65F39FF93B93D5,SHA256=38E2DE1512542BB1ACA18605B8A01AE503CFDD5F6A51A351B1B9EB27C56B026F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399051Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:08.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F6AE192155B077D116894DB892D74C8,SHA256=183FA17151BB9316516D7A29B01D9153D86DA4FCCD7ABAD39FEFC25ADF09B250,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454383Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:09.876{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F6441519A14D5AC7481BE50CCDE0ED96,SHA256=797A837E55DF81B9593AD609B167EFECE38E895BDCF364EA4CDC60BCED351F7E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399052Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:09.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4CF5DB7376CE290CF08E13D2E4EBD1B7,SHA256=D298D4E57EA950C0A9D4B961DBFBC67240A67601DA26EA541CBDB249449A6B2F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454384Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:10.927{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47BBAFB126709E28E5AA498848F94E7D,SHA256=5D4F1E2A1406506B9497FC91B7F57C252F44412FDC92F220D078366E9329AF58,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399054Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:09.218{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53967-false10.0.1.12-8000-
23542300x8000000000000000399053Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:10.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56E5F7D0DB02EC39DE299D3E233ED325,SHA256=E52D80621F02360D34B75667DA3D847FB2F003B29F92AC3BB52C74152B707F31,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454385Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:11.943{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9417718B50027A132402555E99416D8F,SHA256=C4543A54A9BB088F142B3F152E824ED3A643AC2696DA57ADCAE1B7C05589D8D3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399055Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:11.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C92A83E235A11510CA9EC14B4229824,SHA256=1C8D9B028EA41C68D91F38E2761582E6ABC9149228AAEFA99F8A20181CEDE4D8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454386Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:12.957{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C39625F59F23F52449001351CEBCD21F,SHA256=35B4AFB04CEDE9777FA09A19C88C2717B4BBA6D0FB3E5447F12C051B63937BA9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399056Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:12.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00A861F2A4A406881242C49FD0C8D631,SHA256=74981E6A3968C38DB680AE82890223A2A1F8A1774D035B99654B062FBDBA5746,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454388Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:13.972{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D59DE28A7CEB6B711799F301EEFD4EA,SHA256=CFCFF520959D49511D1602A47575741A924115C26EC56F9F1B16F1AA5D1C6F88,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399057Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:13.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=152CBFB5C0E92B3A099169E2ECBC9F57,SHA256=DE99DB3CF8BD1164BBD19415451EC645B18A5EB62336D448D8002EE4E46D6A21,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454387Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:11.537{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60972-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001454389Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:14.986{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57B66F12A3AFF3D3D33C92DA1A58AC34,SHA256=730ADDB960DC6DADC1DECBB49E786797791212C33E0A76FA81527F328513BA70,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399058Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:14.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=536D8397BBE7B86BAE70A43E43A87AD8,SHA256=A030219BB3EE7FB17D1BDC568759FBA6D0C23018CC246FFE10F6A25668EBFC72,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399060Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:14.468{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53968-false10.0.1.12-8000-
23542300x8000000000000000399059Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:15.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D82406202FE33CA465302B2232ADAE3,SHA256=2B50714A17B84FFA4B706DB1B589EB5DFE6DF56FD9B95EEA37BC5FD7FEF7658F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399061Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:16.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=997E7CE7815D5427BD7B89693D079780,SHA256=85E810450E36469CD37429D77AF281EC7ACAB9E18D95E40629CB0030AE42A04D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454390Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:16.000{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12F40A26C6021E2BC7C0682FEA8BB954,SHA256=BBB9507E64F0092C1EF7D87D88E7F0E2BEAD7A15F8B30427B51FB069229514FA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399062Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:17.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FE638301024A94F4FFBFCA0C145B483,SHA256=B7818528B324C089975B91D979CF4FA3139B4257B90C448307C0D87476B2267A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454391Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:17.018{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=833B53CC0BEAA12306490B4C67967E3C,SHA256=0E81FC89BC99DAC23A60311AF6C90C0F7C4711DF871302C647F8F645FE5662A1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399063Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:18.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A55B8DEB2B1E3818D73B2D986F9B9CD9,SHA256=A67DDC90378BA2C9656CA0D562B6AC071A56B81AC31E1228FCCBED2F421EFCB3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454392Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:18.051{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3889BB4761703AE4E480736C49293702,SHA256=E18DFCABC19D671A66F0D0586A105CDE6C0903C26F9B4052D7833D79DFDA9B8E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399064Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:19.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFEDD22589B31A327A5E8B07B3BDD589,SHA256=316CA05BA8C867C8D520C6E93F70BF434D2A8FF064B11FD7768D814923C165DF,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454394Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:17.561{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60973-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001454393Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:19.066{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88B7F2FB7AE31207896F4781708CBEE1,SHA256=DD77CBDA10F6F4741C4CC0B304C342F1ECC590A7ED51AD23D6DD6D7F4B3690F8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399065Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:20.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EECD91BF8003B0A317B0D363C9E67977,SHA256=B03D7F48543A9514A10E651855F1CE0BF2598F97EC0F3C89A7E7E1346B4ECBEB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454395Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:20.081{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D734D00F76015417B5002627300504A6,SHA256=4C9E7BF6D83DD3C8EE1F6A25085AF3CCEE82F70F30F5CCC000E07353915F3BBA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399066Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:21.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4AF7A1DC805F6E611F1D8DD5E40016B8,SHA256=CDB25E1D208FF69823A0FD076D649290F47FDA75CB2CDC2B66C4429D770255A5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454396Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:21.095{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55B12E13E8F1098903CFFCCEB1C2B648,SHA256=EDC0B820EA137986DCCF9F9765C61F10A02D161905496847E62AF701BFDC30C0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399070Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:22.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0146909C5B256C0D190239C5BB1E7A75,SHA256=025B33162A3C5D002BEA10F1A2E5376470A7ECD74C088083F229BB0ABD12F00C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454397Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:22.113{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F92C73B5E1D7253FD0EE9A605236EFCF,SHA256=5C0834EA1B9480D9A77D9C87517C00883C6A6B8E85BA2E8983FFB5DEA8A1C6BF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399069Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:22.122{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0E924BF87336752B52DDE092EA7193B2,SHA256=4D75E8F84FF60465C1908B384675AD20ED55CEB76F531165170B99C19CA36204,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399068Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:22.122{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=614257C0351B1C167B87EA0F6959BBB1,SHA256=3BD69E1EAB036F94960C922F8C026A7DAEB19CEE91F3B92359D5A865587ED8D6,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399067Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:20.249{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53969-false10.0.1.12-8000-
23542300x8000000000000000399072Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:23.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA064B5A250F943800F3EBE52F21DBC1,SHA256=BCE12C76E77BAC3EB02FFA237122C9F937DA4F8B1E8E7855C09A95133D9613B5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454398Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:23.131{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8A527696A1D34719196C2C660FFD2D8,SHA256=E6E7B4B4EC4D19485A68D6B60BBF12AB52C3A4B21E439B1639BA1B47642B9745,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399071Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:21.019{7F1C7D0B-B3E4-60E2-1000-00000000D401}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse195.78.54.166-61152-false10.0.1.15win-host-884.eu-central-1.compute.internal3389ms-wbt-server
23542300x8000000000000000399073Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:24.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FEE26F543BE982DF0AEA6B361F694770,SHA256=D27BCCC5F57426088805924128821B826154CBD56019976C0E5A0E4F082A58BC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454399Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:24.146{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66217471F65DCE0D7C84AB16640ECCC2,SHA256=314F7C738EC4536017EF6A3387120B06C3F07920D6338D77B8E8A2092BFAE9A3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399074Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:25.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1657048177B19A1C8ABABFD77EBB393A,SHA256=F92480B6E0A27EBE135E2B4B050265E0116E43830181FA5B60F70A8BD11A5914,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454401Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:23.593{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60974-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001454400Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:25.160{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBC3614E4863DCA10D13BB6C7C8F10A2,SHA256=8BCCB0FB707ED62B6AAC8C68E20E51BC96C39684B09806F09AF04C1DAF22C3FE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399076Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:26.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB0A5CBAAA425B254A9E921671C771B9,SHA256=293669D55A9C78D121CF169969483D7BD82404ED4023BE9B97BAED25893805F9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454402Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:26.190{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AD6688C2348563610A80D53928E5720,SHA256=F0509BA96D0B0D6F4E9DC76FFE28FF60E1C0707FB1EA50BE24CC5CC000396467,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399075Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:26.372{7F1C7D0B-B3E4-60E2-1100-00000000D401}996NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=27DFB73D54298AA27B86C45CDB20658D,SHA256=DB803251174EEE27A9E6E1BF0CCD9BB7C440BCAFD5A36B2EFAA5B0FCB929EF47,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399078Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:26.234{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53970-false10.0.1.12-8000-
23542300x8000000000000000399077Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:27.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0695B3076D6219D19FA3268C1004707A,SHA256=68445B772C614C120529A88C7C405D8C21986128E53BFC75462F999EC27A5270,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454403Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:27.206{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC46151180CB78769AB665AF88430DE1,SHA256=6284C1763BAB9BA8807534EBC9F12591CE1971E9A935E9FED991ABF3E5C903E9,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454404Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:28.225{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=728090882D8E3D4F2C037BC107B3F1F2,SHA256=F5EAEAD33FEFDEFFFD5EDA3DA0B509E99C0F81B8EB0D77355C7BCAB6A1F728A5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399079Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:28.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3F519C686D56F73B6BEF868B852E5F6,SHA256=E2897C935271AF0F9BFEF5D05F996AC993BD474ABCB7FAF58E9F66D869AE253F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399080Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:29.387{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0B4E67201B4E22E64C2C8507ACF93B6,SHA256=19829350EBF11838F2952640EB4A356F0CB476A74665CDE76F987C592CCC8ADE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454405Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:29.239{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E91681A058E6E02B3B773612A2B9B15,SHA256=70435A1601E1F35AA89A21D80BC4608FA823A7E2AC2FA1A2A01158AE008607B4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399081Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:30.434{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18D73DA42F6C5E8F13F22AC3736D3C61,SHA256=E5672441952FF1ED0F28D5FF4136E0662673BBA3C8C18D990F660E941AE6BC5A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454407Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:30.604{D694AEB8-B3FA-60E2-2A00-00000000D301}2948NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=33EA17C9D0CF150EF3DD52357693C3C9,SHA256=BA4E51F2867FE99FECF90206114B82FA0BBFFFDBB4F9985C47297700F7B60B18,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454406Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:30.269{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=994B4792CD122622F7812CD8E5075860,SHA256=162389B9233E5DB92C0D182C9B77A8874980D3A0174789B35FF294C861258051,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399083Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:31.544{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB5895550005FD4302D641EE4CF3F126,SHA256=E151AB664348F69F8DCD97E96C9D5705870C18E33353AD3DE7A21AADECEE2D7C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454408Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:31.284{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ABE0CECBA3926F5557FACCBE6D3F0B83,SHA256=F93BC19BB235118C58B3886EB62C0196F4EA699A3916909478D3660ADFA102E6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399082Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:31.294{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=33EA17C9D0CF150EF3DD52357693C3C9,SHA256=BA4E51F2867FE99FECF90206114B82FA0BBFFFDBB4F9985C47297700F7B60B18,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399086Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:31.484{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53972-false10.0.1.12-8089-
354300x8000000000000000399085Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:31.453{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53971-false10.0.1.12-8000-
23542300x8000000000000000399084Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:32.546{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7F5626376C0211E938F7C37225431D2,SHA256=831E72F487267725BA6744F29202DAA40742564C37C3C0FF9317C7CD98DDFFB1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454410Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:32.303{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9E64028C13044D10CF24AA32E5CA609,SHA256=515C1DA907461685EB72FDB967B807616C633021CFF54DB5189CE7CCC4C5EF88,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454409Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:29.632{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60975-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x8000000000000000399087Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:33.668{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DEC343C66E70FECD618939E216869753,SHA256=516BB021DB66514EEC23218C1603913D3308C97C9807BE80A070BE06559F65B3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454423Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:33.981{D694AEB8-B3EA-60E2-1100-00000000D301}404NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=916C7DF7E4CE5991B384A15D71F48F5C,SHA256=A495A5A5E706FF6A6D3EC61895275403A7D79619D1473A277E8CB0A135F97BA3,IMPHASH=00000000000000000000000000000000falsetrue
13241300x80000000000000001454422Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-SetValue2021-07-05 13:33:33.381{D694AEB8-B3E8-60E2-0B00-00000000D301}656C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008)
13241300x80000000000000001454421Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-SetValue2021-07-05 13:33:33.381{D694AEB8-B3E8-60E2-0B00-00000000D301}656C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x01510b62)
13241300x80000000000000001454420Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-SetValue2021-07-05 13:33:33.381{D694AEB8-B3E8-60E2-0B00-00000000D301}656C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d77199-0xf766e8d9)
13241300x80000000000000001454419Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-SetValue2021-07-05 13:33:33.381{D694AEB8-B3E8-60E2-0B00-00000000D301}656C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d771a2-0x592b50d9)
13241300x80000000000000001454418Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-SetValue2021-07-05 13:33:33.381{D694AEB8-B3E8-60E2-0B00-00000000D301}656C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d771aa-0xbaefb8d9)
13241300x80000000000000001454417Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-SetValue2021-07-05 13:33:33.381{D694AEB8-B3E8-60E2-0B00-00000000D301}656C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008)
13241300x80000000000000001454416Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-SetValue2021-07-05 13:33:33.381{D694AEB8-B3E8-60E2-0B00-00000000D301}656C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x01510b62)
13241300x80000000000000001454415Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-SetValue2021-07-05 13:33:33.381{D694AEB8-B3E8-60E2-0B00-00000000D301}656C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d77199-0xf766e8d9)
13241300x80000000000000001454414Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-SetValue2021-07-05 13:33:33.381{D694AEB8-B3E8-60E2-0B00-00000000D301}656C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d771a2-0x592b50d9)
13241300x80000000000000001454413Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-SetValue2021-07-05 13:33:33.381{D694AEB8-B3E8-60E2-0B00-00000000D301}656C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d771aa-0xbaefb8d9)
23542300x80000000000000001454412Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:33.334{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65EF30AAAC109E3DA29EF83F256AF1B6,SHA256=F924C3782B806F692870B842C3358435EC0087E356160404505E7BEDEBBD4D8B,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454411Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:30.032{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60976-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
10341000x8000000000000000399102Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:34.920{7F1C7D0B-0A2E-60E3-A70A-00000000D401}20961868C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x8000000000000000399101Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:34.670{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DC984F1D58B6206CDA0BB3ACCA19792,SHA256=5D7551CE73B33B0A121159E6B34BF28ABFFB3734B45F753D687B3362332FC53F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454424Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:34.349{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3B753EE2EB5CD86A711ED1B0C755C0A7,SHA256=E78C7B33F437B80C4EC111312A87C7A5853A12F3E3CA3EC2B3EE7405ECFBDCB3,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000399100Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:34.623{7F1C7D0B-B3E6-60E2-2B00-00000000D401}28442864C:\Windows\system32\conhost.exe{7F1C7D0B-0A2E-60E3-A70A-00000000D401}2096C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399099Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:34.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399098Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:34.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399097Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:34.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399096Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:34.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399095Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:34.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399094Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:34.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399093Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:34.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399092Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:34.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399091Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:34.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399090Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:34.623{7F1C7D0B-B3E3-60E2-0500-00000000D401}408536C:\Windows\system32\csrss.exe{7F1C7D0B-0A2E-60E3-A70A-00000000D401}2096C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000399089Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:34.623{7F1C7D0B-B3E5-60E2-2100-00000000D401}20123788C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7F1C7D0B-0A2E-60E3-A70A-00000000D401}2096C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000399088Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:34.624{7F1C7D0B-0A2E-60E3-A70A-00000000D401}2096C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7F1C7D0B-B3E3-60E2-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x8000000000000000399131Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.779{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30C38CDE1DABC6723419E3E9E014057E,SHA256=0DF32ACB2A72389425B51EAAD65D9C8B5A0F2B589EC4E3AABBAFD87CDFDF421D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454425Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:35.363{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51205C494B02383500997C2E4EF70EDB,SHA256=2579CFC168BF6DBA07F1FF03601D08B63391E9BDD7BF753EE55B498FF636BF2C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399130Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.639{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EDE7EB48043686940942235A31386195,SHA256=B67A6CD2E30742230A60653C6CF695B2751827C58929744C5050A93D50D84ED8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399129Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.639{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0E924BF87336752B52DDE092EA7193B2,SHA256=4D75E8F84FF60465C1908B384675AD20ED55CEB76F531165170B99C19CA36204,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000399128Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.623{7F1C7D0B-B3E6-60E2-2B00-00000000D401}28442864C:\Windows\system32\conhost.exe{7F1C7D0B-0A2F-60E3-A90A-00000000D401}3196C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399127Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399126Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399125Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399124Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399123Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399122Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399121Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399120Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399119Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399118Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.623{7F1C7D0B-B3E3-60E2-0500-00000000D401}408536C:\Windows\system32\csrss.exe{7F1C7D0B-0A2F-60E3-A90A-00000000D401}3196C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000399117Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.623{7F1C7D0B-B3E5-60E2-2100-00000000D401}20123788C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7F1C7D0B-0A2F-60E3-A90A-00000000D401}3196C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000399116Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.624{7F1C7D0B-0A2F-60E3-A90A-00000000D401}3196C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7F1C7D0B-B3E3-60E2-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x8000000000000000399115Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.123{7F1C7D0B-B3E6-60E2-2B00-00000000D401}28442864C:\Windows\system32\conhost.exe{7F1C7D0B-0A2F-60E3-A80A-00000000D401}32C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399114Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399113Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399112Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.123{7F1C7D0B-B3E3-60E2-0500-00000000D401}408424C:\Windows\system32\csrss.exe{7F1C7D0B-0A2F-60E3-A80A-00000000D401}32C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000399111Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399110Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399109Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399108Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399107Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399106Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399105Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399104Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.123{7F1C7D0B-B3E5-60E2-2100-00000000D401}20123788C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7F1C7D0B-0A2F-60E3-A80A-00000000D401}32C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000399103Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:35.124{7F1C7D0B-0A2F-60E3-A80A-00000000D401}32C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7F1C7D0B-B3E3-60E2-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x8000000000000000399132Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:36.951{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23C7544961FC82087235A3C05725E19E,SHA256=09BB9D17814EB24A06DD4E2E8B1D7D7D65AFC2FE9C9B1E849E83F002505A2BD2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454426Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:36.378{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3979413A45EBDEE6971A7A4E9FF53D32,SHA256=A51F0DB071E61A91F0545F72C43A3787388942AE3468063BDA95C65689CF8717,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454427Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:37.414{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCA63BB04D89E9314C84CC6C8A515556,SHA256=734B097294EE73E21F6099F65D1D1D8F4FEF1B2EAE94B2739AAF0FF60F7348F1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454429Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:38.429{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=290191CED9F70E32D86246E20796F5A5,SHA256=E9D2444A0698C03F444AC4951150C11DDB974012C48126571D0B3F5157F08469,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399133Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:38.061{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C745C401391CE9E6282D0B31F50056D3,SHA256=A25E21FB3E15913324997CE2D793BC1008965FAC2A95E49F6805D52799C86D69,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454428Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:35.642{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60977-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001454430Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:39.443{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAA1AA4FDEE90C9FD323D42AAA95AF2F,SHA256=69976EC4F9286D1BE635FB733C359DAD7D76F1332CD982BE6EF99683E3461345,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000399163Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.826{7F1C7D0B-0A33-60E3-AB0A-00000000D401}3004972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399162Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.623{7F1C7D0B-B3E6-60E2-2B00-00000000D401}28442864C:\Windows\system32\conhost.exe{7F1C7D0B-0A33-60E3-AB0A-00000000D401}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399161Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399160Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399159Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399158Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399157Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399156Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399155Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399154Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399153Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399152Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.623{7F1C7D0B-B3E3-60E2-0500-00000000D401}4081316C:\Windows\system32\csrss.exe{7F1C7D0B-0A33-60E3-AB0A-00000000D401}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000399151Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.623{7F1C7D0B-B3E5-60E2-2100-00000000D401}20123788C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7F1C7D0B-0A33-60E3-AB0A-00000000D401}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000399150Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.624{7F1C7D0B-0A33-60E3-AB0A-00000000D401}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7F1C7D0B-B3E3-60E2-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x8000000000000000399149Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.420{7F1C7D0B-0A33-60E3-AA0A-00000000D401}1444708C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
354300x8000000000000000399148Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:37.439{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53973-false10.0.1.12-8000-
10341000x8000000000000000399147Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.123{7F1C7D0B-B3E6-60E2-2B00-00000000D401}28442864C:\Windows\system32\conhost.exe{7F1C7D0B-0A33-60E3-AA0A-00000000D401}1444C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399146Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399145Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399144Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399143Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399142Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399141Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399140Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399139Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399138Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.123{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399137Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.123{7F1C7D0B-B3E3-60E2-0500-00000000D401}408424C:\Windows\system32\csrss.exe{7F1C7D0B-0A33-60E3-AA0A-00000000D401}1444C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000399136Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.123{7F1C7D0B-B3E5-60E2-2100-00000000D401}20123788C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7F1C7D0B-0A33-60E3-AA0A-00000000D401}1444C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000399135Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.124{7F1C7D0B-0A33-60E3-AA0A-00000000D401}1444C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7F1C7D0B-B3E3-60E2-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x8000000000000000399134Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:39.061{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D7D2562DAAD0151F6DEFDE48DCCDBE5,SHA256=2C302BB22D8441B9CE3372DFBCE0E661061C96A2C701E658DB8CF05DF8C96B87,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454431Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:40.474{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=654F9E04BBB25787B91EDA1588076B07,SHA256=CBE557222C5D04530BF21E42B92B1B57552DC477879997DCCAECAD0E07CB5D5E,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000399192Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.967{7F1C7D0B-B3E6-60E2-2B00-00000000D401}28442864C:\Windows\system32\conhost.exe{7F1C7D0B-0A34-60E3-AD0A-00000000D401}3796C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399191Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399190Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399189Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399188Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399187Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399186Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399185Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399184Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399183Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399182Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.967{7F1C7D0B-B3E3-60E2-0500-00000000D401}4081316C:\Windows\system32\csrss.exe{7F1C7D0B-0A34-60E3-AD0A-00000000D401}3796C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000399181Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.967{7F1C7D0B-B3E5-60E2-2100-00000000D401}20123788C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7F1C7D0B-0A34-60E3-AD0A-00000000D401}3796C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000399180Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.968{7F1C7D0B-0A34-60E3-AD0A-00000000D401}3796C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7F1C7D0B-B3E3-60E2-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x8000000000000000399179Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.483{7F1C7D0B-0A34-60E3-AC0A-00000000D401}26288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x8000000000000000399178Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.342{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EDE7EB48043686940942235A31386195,SHA256=B67A6CD2E30742230A60653C6CF695B2751827C58929744C5050A93D50D84ED8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399177Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.342{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B60DAFB6B4E963BD9100EECCB4F1DA34,SHA256=0D91AEBC361304087B7A203568792AAAADDE45F02FC33014801DAF7735595111,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000399176Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.295{7F1C7D0B-B3E6-60E2-2B00-00000000D401}28442864C:\Windows\system32\conhost.exe{7F1C7D0B-0A34-60E3-AC0A-00000000D401}2628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399175Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399174Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399173Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399172Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399171Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399170Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399169Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399168Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399167Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399166Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.295{7F1C7D0B-B3E3-60E2-0500-00000000D401}408536C:\Windows\system32\csrss.exe{7F1C7D0B-0A34-60E3-AC0A-00000000D401}2628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000399165Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.295{7F1C7D0B-B3E5-60E2-2100-00000000D401}20123788C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7F1C7D0B-0A34-60E3-AC0A-00000000D401}2628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000399164Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:40.296{7F1C7D0B-0A34-60E3-AC0A-00000000D401}2628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{7F1C7D0B-B3E3-60E2-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001454432Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:41.475{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=483218A8F8DEE54BA607E3BA9183EC90,SHA256=83759B4030A01EC417F887332D8BFB7C298890579B72F07ED3286884EE288EDC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399193Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:41.483{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B8B420FE84EBBD80A059861CEE56AA7,SHA256=1A0B2A330C7CB2519228CBFB6E9B34066E457F1DBF50DA045929E5514CC170C6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454433Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:42.492{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB3F95D17E45A9552CC23F8F13472540,SHA256=C6217BDF1C18BD4BA2FEBA702DA8E7C3C530AB78BF376F46C039B27A4CAD0E25,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399195Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:42.561{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1ECF14A726763E1D4771DAC124679E3F,SHA256=BC18ECC15676F092F9D6F8CD60E379B8E9CC07BCC3094D84236F90944F72CEC3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399194Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:42.201{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A6D6B0EBB8B521D55A23DA6C613CA8E6,SHA256=350F1026F0A0624E8D433067044C37110B9EE3AAE1AAF4B4B34F769D30A6E334,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454435Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:43.511{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=324D299EDCCD31C6806E4629B44B1822,SHA256=49A50178EA5F49871712F42ACDF26FFEAFA420428859035055E687A9FF5E538B,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399197Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:42.439{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53974-false10.0.1.12-8000-
23542300x8000000000000000399196Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:43.608{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDDE5BB301BFE008AE5AF5DEDDDE8567,SHA256=DD7FE5BA8DF5E4CAC76153A050E55FB3B3D01A2176D80B6E3AA1A8C19E0042C2,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454434Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:41.638{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60978-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x8000000000000000399198Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:44.842{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=772B2BC6F010FDF04E5486F78893724F,SHA256=341929327920988D1E50FBEBCB82385BD9D448F715548BAF3AA0F026DBF9CC89,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454436Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:44.525{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=287211F062E94B8E856513FEB2BCDCA9,SHA256=C0F4B69BA78F5B2D0A8C0EA845D4299A8E878595AF0FDDE3601C48BB17380D76,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399199Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:45.842{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3367306807715C8C1FCE03FD75A305D,SHA256=1A1C0ABD3EADB69C1B6240C0DC57F1A69C558AEAE87CA955B4F776D8A6395D05,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454437Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:45.540{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=602ED9523E74CCDA332FA77A9725E300,SHA256=DC30A153A6226AEE32EF9FC64E4783C6A2DDDC1A2A5A00625D4DBF1E2EDEE09B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399200Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:46.904{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91C6F3BB7ADA88FBA7DFA312423BB643,SHA256=ED9DE8F2767FD2CBBB7FF0D08719F9327576BA64BC4168EA510C60D33003F9B6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454438Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:46.570{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FFF8E956F02E1662E0214AA803295E26,SHA256=FA1BBB5CF7745E1F780AB1D8820F718AB3ADE4EFF806171BFF7ED1C064E75990,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454439Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:47.587{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B72761910EFF49F6ACF3A7FE61D56772,SHA256=66BE4442467EA6EC34550C21B92A02EC4278761F70B1EB200CFB360568CD9635,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399201Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:45.961{7F1C7D0B-B3E4-60E2-1000-00000000D401}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse195.78.54.187-31683-false10.0.1.15win-host-884.eu-central-1.compute.internal3389ms-wbt-server
23542300x80000000000000001454440Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:48.604{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E78D091DDCCE7DF9B7AFE542C84FD573,SHA256=B6599C3F919FA19FDC0D814DC89F50756191A6E22208CD24D149E4660CAAED66,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399202Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:47.998{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=708E100407476B673C4EB5A6625469EE,SHA256=7B9E9D9D575DB17D84D831A48FD8EC9242C0450D86D523BF8D3E5D4F6992BC96,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454441Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:49.619{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDB55EC258B0A1EB2901772A4DD468D0,SHA256=EAB8C762C547670F76DB389AB4DFA60BC689F10ABC61CB5D2D4A4351A184477C,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399203Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:48.998{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2FFB67F316AB0D863C3EE3B644E7159,SHA256=99F10DB4021441DC3DAEF2FB0C5EDA16B12F4103DDE9D500E44BB88A47BB969D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454443Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:50.633{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09B0A795F848B2125C019643648E4810,SHA256=B8DFD4A8B332367E6A81B63D9F3D5A96AFC663511BB6AF269F49480174068931,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399204Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:50.014{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BF7D70243D95F4919CC56D0E34AAACE,SHA256=D4A4B9035CCB276A04B831F127D3156A59F40362793D83B7D0B821E326B313DE,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454442Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:47.634{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60979-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001454444Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:51.663{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDE35F223E2816CFE29C1B6B21661A65,SHA256=5805D14ECAFF7380112E5BF2B0CC81B77DC5AC337887BBE79C15004DB2A5FDA1,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399206Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:51.092{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=914329411F870A886CB2B16C648C06FA,SHA256=28F6967A83E651C4B8E3BD601AC367D11A05FD1CF930C83242DB063665E73CAF,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399205Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:48.439{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53975-false10.0.1.12-8000-
23542300x80000000000000001454445Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:52.684{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30EF95657890D832087776E5AD824B6B,SHA256=1E06CF4AF68BF2810550F41CA9C91E0BC012DEEC680810FCF3E964CFE593DD0E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399207Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:52.092{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=552D353A8AD384B009D320E436BC812C,SHA256=5024EF8A65780C1D027FC942C0106B6888696D9F785D098A1D1200D0C85B65F5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454446Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:53.698{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10CF8EED43B7EA507D26AFECD9BCC28A,SHA256=95FB084DE62E3340038C55A6E5A81C10EF456F947C5E3B85F1A07372B9F3764D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399210Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:53.139{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AD2D47AAE6B621A77D1DE600D3245DD,SHA256=7F15CE33E3F717A02108F7C39564680E82BC149907E8ADF1A102A9A21287FF95,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399209Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:53.045{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1D5946237EFB76B87B9BF2BD280AF502,SHA256=C8FD71BDEF165800C3CEEF56291FB468B13D5AAB00C114286B96F5D871E823CD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399208Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:53.045{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=309C16BD029E05677898B0FEEB6F3494,SHA256=21A3616A5C7B7D7ED3ED0DB05B51CC94FC6004A847424E1B276F25DCC27F4263,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399211Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:54.279{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94CE1A73F8C5FFF7E8A5959B0B4E7F5C,SHA256=EAE84DDF17936B116C0310C7940E63F3CD2285E4F25654A944FD8AB6382FB7E8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454447Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:54.712{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=235A8CBCCEFBEC2B026CDC7AADB53734,SHA256=51E29E833800C4B992ED7CC536A22530E977CEF62D5CFEA4B05F8FF28926983B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454449Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:55.727{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B019DEEB81B48B495D1470983F589F43,SHA256=057E1368E5ECEB47968A28CC4273EDC500BC5D00E8AD567FF284EDF94B89C060,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454448Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:53.627{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60980-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x8000000000000000399213Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:55.279{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D293FFD74A7F388A73AEACC0913D2E0F,SHA256=A4F84CAF35AC4F53DF6E649D3CBB18801B0183095ADE2D31E0E14A3151A06D2F,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399212Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:53.439{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53976-false10.0.1.12-8000-
23542300x80000000000000001454450Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:56.757{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7166457BE5CFCB9231B4F0CB7BD434BC,SHA256=A4B4861B362788B3BF3343D4188C2275D9A1CF5606BFABD6AA5BF4BA86664753,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399214Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:56.373{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70106CA203E9D108FBECEA867D41F073,SHA256=64F777E6E0F5355AEA414B380CDAD940DE5F96C08AE08594685FBFBFC1277A74,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454451Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:57.773{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43216FD2779F6B3C316A662B5D3440BC,SHA256=E04F2DDF2C5C4C84EF2D9F5FF32FBA64ED2FB73DD8F9CFA79AA3AB077A12E0E8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399215Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:57.404{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD0DEAA2FF5D427BAA4F480FC3103C15,SHA256=75E69593561AD3A69B23F5D3AC1B2575958B31DD8D9148667E99819590D8F886,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001454460Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:58.975{D694AEB8-B3FB-60E2-3200-00000000D301}31323152C:\Windows\system32\conhost.exe{D694AEB8-0A46-60E3-3F0B-00000000D301}6492C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454459Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:58.973{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454458Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:58.973{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454457Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:58.972{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454456Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:58.972{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454455Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:58.972{D694AEB8-B3E7-60E2-0500-00000000D301}412428C:\Windows\system32\csrss.exe{D694AEB8-0A46-60E3-3F0B-00000000D301}6492C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001454454Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:58.972{D694AEB8-B3FA-60E2-2A00-00000000D301}29484004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D694AEB8-0A46-60E3-3F0B-00000000D301}6492C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001454453Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:58.971{D694AEB8-0A46-60E3-3F0B-00000000D301}6492C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D694AEB8-B3E8-60E2-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001454452Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:58.792{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6698332F02527CB2C27236121906D16F,SHA256=78212888769674E7EC0D9182196FBE6FFAFA73C5FAE4263229635C4F1CA62229,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399216Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:58.404{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C147A9A80785DAC7EBD7C2A7EE8258BB,SHA256=C1C66EE9C8C24DF6FBFF0453EBD1DB20D21DB55839CF3BDF50F4EFF1EF46FD8B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454470Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:59.806{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A96E94FD5F12791918E30BC1D96569A2,SHA256=CDD16C4346CB0D060B0EC5542712AB3758902408DD3F7B1F8D23BB5EF3083244,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399217Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:59.404{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF991E2ED8DFBD9379FA19147AED89CA,SHA256=6370D9C3DE87F659C6CF4FA5C283D6B137A557AD5E7C6098F6E1723095786ED9,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001454469Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:59.691{D694AEB8-0A47-60E3-400B-00000000D301}70444620C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454468Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:59.523{D694AEB8-B3FB-60E2-3200-00000000D301}31323152C:\Windows\system32\conhost.exe{D694AEB8-0A47-60E3-400B-00000000D301}7044C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454467Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:59.523{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454466Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:59.523{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454465Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:59.523{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454464Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:59.523{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454463Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:59.523{D694AEB8-B3E7-60E2-0500-00000000D301}4123364C:\Windows\system32\csrss.exe{D694AEB8-0A47-60E3-400B-00000000D301}7044C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001454462Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:59.523{D694AEB8-B3FA-60E2-2A00-00000000D301}29484004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D694AEB8-0A47-60E3-400B-00000000D301}7044C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001454461Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:59.523{D694AEB8-0A47-60E3-400B-00000000D301}7044C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D694AEB8-B3E8-60E2-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001454481Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:00.821{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6881676764768761109FE4D13C3DE15A,SHA256=0139A88E41753653D5474EAD5A62187DC8AB725CE178D16E794D66DEF9974E03,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399219Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:33:58.454{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53977-false10.0.1.12-8000-
23542300x8000000000000000399218Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:00.420{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B52356AA3E2FD4ADE85506DE2B76C3FB,SHA256=69A40C707C2FA01267C606C0DE9339097C1ABA1BE6EEF9D096892F43683D891C,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001454480Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:00.190{D694AEB8-B3FB-60E2-3200-00000000D301}31323152C:\Windows\system32\conhost.exe{D694AEB8-0A48-60E3-410B-00000000D301}540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454479Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:00.190{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454478Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:00.190{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454477Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:00.190{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454476Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:00.190{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454475Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:00.190{D694AEB8-B3E7-60E2-0500-00000000D301}412552C:\Windows\system32\csrss.exe{D694AEB8-0A48-60E3-410B-00000000D301}540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001454474Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:00.190{D694AEB8-B3FA-60E2-2A00-00000000D301}29484004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D694AEB8-0A48-60E3-410B-00000000D301}540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001454473Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:00.191{D694AEB8-0A48-60E3-410B-00000000D301}540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D694AEB8-B3E8-60E2-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001454472Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:00.053{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=574982A3A9C9EB4888BCDB6B05FC09FA,SHA256=70F998C8818493FC72BAC1AC28746A20B844C9C130D2843A5D377B837EC3C199,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454471Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:00.053{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A456DC7F66DE187253374DB693158822,SHA256=8E0EFA6E68993D98E47A931B0969D12863247083D7FF998A975C014146AF5456,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454484Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:33:59.616{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60981-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001454483Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:01.851{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BD7EEDA0AD878E1F967A71E3E68F798,SHA256=BB91A05D838C98E08CE1D26D02087AB4E0F0F65BCE5F6012ACF3587BC619CA9D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399220Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:01.420{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA93262429ED501EB7B04CAF9BF4B792,SHA256=5FA7FA5BD83DC3A12CF02EA8C15C3380D58C8F0FA464CE7030D5C2630EC7D203,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454482Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:01.220{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=574982A3A9C9EB4888BCDB6B05FC09FA,SHA256=70F998C8818493FC72BAC1AC28746A20B844C9C130D2843A5D377B837EC3C199,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001454495Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:02.987{D694AEB8-B3EA-60E2-0D00-00000000D301}9166272C:\Windows\system32\svchost.exe{D694AEB8-F83C-60E2-EF08-00000000D301}6572C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454494Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:02.987{D694AEB8-B3EA-60E2-0D00-00000000D301}9166272C:\Windows\system32\svchost.exe{D694AEB8-F83C-60E2-EF08-00000000D301}6572C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454493Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:02.934{D694AEB8-B3FB-60E2-3200-00000000D301}31323152C:\Windows\system32\conhost.exe{D694AEB8-0A4A-60E3-420B-00000000D301}5488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454492Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:02.934{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454491Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:02.934{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454490Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:02.934{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454489Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:02.934{D694AEB8-B3E7-60E2-0500-00000000D301}412552C:\Windows\system32\csrss.exe{D694AEB8-0A4A-60E3-420B-00000000D301}5488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001454488Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:02.934{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454487Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:02.934{D694AEB8-B3FA-60E2-2A00-00000000D301}29484004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D694AEB8-0A4A-60E3-420B-00000000D301}5488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001454486Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:02.935{D694AEB8-0A4A-60E3-420B-00000000D301}5488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{D694AEB8-B3E8-60E2-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001454485Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:02.872{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A60F9C0F113199E46C4646E453221D7B,SHA256=AB36FFE438D479F36132A54601B8B6C480D79B6059E3D024945EF2D1D7878ECD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399221Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:02.420{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3974A53E8DAAA4ABA4C8C311ACE60A87,SHA256=9D3B269502E50AA73F76154E7E4A57A5C2BAEB52949A6A31D2AB4C41C854CC82,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454507Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:03.950{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2C6EF024B46A49FF0607FB20FB928233,SHA256=9C79F1B934BF9BA14937C13038DFC44445684DEC41A9157CE2FB8A6E09E87E23,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454506Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:03.887{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0001BB435553F3884C2BF3D058F8495D,SHA256=C35C9393BCC19BA9CC7BB3748150E7B3849684818DA0C80BFFA0FAA1CED933B5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399222Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:03.420{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E9BE9539D3AD1A8E8DED1D079BFDB5B,SHA256=3BAF70B187F04309A405E646ED50D72BB934E8A3E83DC5EBF17D9F025A632E85,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001454505Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:03.734{D694AEB8-0A4B-60E3-430B-00000000D301}63164484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454504Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:03.603{D694AEB8-B3FB-60E2-3200-00000000D301}31323152C:\Windows\system32\conhost.exe{D694AEB8-0A4B-60E3-430B-00000000D301}6316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454503Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:03.603{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454502Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:03.603{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454501Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:03.603{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454500Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:03.603{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454499Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:03.603{D694AEB8-B3E7-60E2-0500-00000000D301}4122856C:\Windows\system32\csrss.exe{D694AEB8-0A4B-60E3-430B-00000000D301}6316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001454498Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:03.603{D694AEB8-B3FA-60E2-2A00-00000000D301}29484004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D694AEB8-0A4B-60E3-430B-00000000D301}6316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001454497Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:03.604{D694AEB8-0A4B-60E3-430B-00000000D301}6316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D694AEB8-B3E8-60E2-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x80000000000000001454496Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:03.071{D694AEB8-0A4A-60E3-420B-00000000D301}54882696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454524Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.933{D694AEB8-B3FB-60E2-3200-00000000D301}31323152C:\Windows\system32\conhost.exe{D694AEB8-0A4C-60E3-450B-00000000D301}4632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454523Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.933{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454522Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.933{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454521Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.933{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454520Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.933{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454519Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.933{D694AEB8-B3E7-60E2-0500-00000000D301}412428C:\Windows\system32\csrss.exe{D694AEB8-0A4C-60E3-450B-00000000D301}4632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001454518Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.933{D694AEB8-B3FA-60E2-2A00-00000000D301}29484004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D694AEB8-0A4C-60E3-450B-00000000D301}4632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001454517Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.934{D694AEB8-0A4C-60E3-450B-00000000D301}4632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D694AEB8-B3E8-60E2-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001454516Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.918{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D306D491726B1ECF1B104529E012449C,SHA256=94E515033BF04D605FDD217290272545473C78BDC92E80DFB6A0A333FE42B8D4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399223Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:04.420{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF7A2DC5590289F881A9296EB38417E7,SHA256=F427754A8731BDB25586683E39C40004ECC650AA8CFB641191A4134F8E2D5EA0,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001454515Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.287{D694AEB8-B3FB-60E2-3200-00000000D301}31323152C:\Windows\system32\conhost.exe{D694AEB8-0A4C-60E3-440B-00000000D301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454514Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.287{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454513Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.287{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454512Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.287{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454511Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.287{D694AEB8-B3EA-60E2-0C00-00000000D301}8607040C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2C00-00000000D301}3004C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454510Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.287{D694AEB8-B3E7-60E2-0500-00000000D301}4122856C:\Windows\system32\csrss.exe{D694AEB8-0A4C-60E3-440B-00000000D301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x80000000000000001454509Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.287{D694AEB8-B3FA-60E2-2A00-00000000D301}29484004C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D694AEB8-0A4C-60E3-440B-00000000D301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x80000000000000001454508Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.288{D694AEB8-0A4C-60E3-440B-00000000D301}2488C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D694AEB8-B3E8-60E2-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001454527Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:05.948{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8BA79E3F28DD512708E071E115B98C5,SHA256=6B15124FA767A877B1079704A20A1C0A43B8D2CDD427CA9A9D069CCAC190736A,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399225Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:04.423{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53978-false10.0.1.12-8000-
23542300x8000000000000000399224Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:05.420{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB86858A5A84300B7B1D8992E033EC06,SHA256=CA042480F279162D9F4CA779BAE53CB475648FFC5598011916AE4B4B75BA8DFF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454526Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:05.317{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AE45D216BA5C490C10D4296EF45EE53A,SHA256=65B19A02C598322D63902B183E98C28A5AF8241E01EAD25A65CB94B1F5C2CA07,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001454525Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:05.086{D694AEB8-0A4C-60E3-450B-00000000D301}4632348C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x80000000000000001454531Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:06.966{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=363F0D455D2667E44FB6351A513BEE4E,SHA256=81D7DD138560A70A4B9EABBDE830BDA62FF3C9C4C5DB4A1F931132E61A4D0A5B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399226Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:06.420{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DECDA98A3F9E72FCF71E258DF3B6731F,SHA256=638A2C8E446A0AD8EE07B44157001F3897904A08883904265F47E56447AA8CDB,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454530Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:04.649{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60983-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
354300x80000000000000001454529Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:03.382{D694AEB8-B3E8-60E2-0B00-00000000D301}656C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-201.attackrange.local60982-true0:0:0:0:0:0:0:1win-dc-201.attackrange.local389ldap
354300x80000000000000001454528Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:03.382{D694AEB8-B3FA-60E2-2400-00000000D301}2788C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-201.attackrange.local60982-true0:0:0:0:0:0:0:1win-dc-201.attackrange.local389ldap
23542300x80000000000000001454532Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:07.983{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B62C5251A9D6064794D56AAC05CECFB,SHA256=B1D733939743B24D17FCDA91950E5F4FA008C55653CDD3D764F7491502749AAA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399227Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:07.436{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7CD0D6366D0A5D0E08FFE31C2361615,SHA256=225DEC4DA757B1E35B423E3210C392EE48D6853A7D37E8A338321E2E9F0E9A6E,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399228Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:08.545{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AECF0CB7B4FD0D829A9A47FA4508867,SHA256=A62E753FA7B52A064642F58D4A8510E7B326F4DB22E9A7C25E53B2D1085020B8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399229Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:09.561{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA26110A43E52CAD5E4FDCC261EC3629,SHA256=85D30146CA091E8F8DBDCE2BE0D9F5C782DECCF401E55AA3FFE9BD87DC71F073,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454533Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:08.997{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1250002E4ABD413E98FD44F2F6C0CE4,SHA256=B5E6DBEC5C86536A49E3541D306F26C52A74F8A47D373860CEA265B30ABDF706,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399230Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:10.592{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23E51F8261BA08C6A384604940DF20D3,SHA256=949339170A4D9F781B60E3C1D2DF5E4C3C0A23E45F6B78B274C1A7F56CA72AD4,IMPHASH=00000000000000000000000000000000falsetrue
10341000x80000000000000001454565Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454564Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454563Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454562Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454561Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454560Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454559Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454558Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454557Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454556Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454555Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454554Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454553Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454552Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454551Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454550Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454549Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454548Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D134-60E2-1A04-00000000D301}4664C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454547Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D135-60E2-1C04-00000000D301}4960C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454546Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D135-60E2-1C04-00000000D301}4960C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454545Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D135-60E2-1C04-00000000D301}4960C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454544Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2500-00000000D301}2804C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454543Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-B3FA-60E2-2500-00000000D301}2804C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454542Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D135-60E2-1B04-00000000D301}4864C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454541Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D135-60E2-1B04-00000000D301}4864C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454540Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D135-60E2-1B04-00000000D301}4864C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454539Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D135-60E2-1B04-00000000D301}4864C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454538Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D135-60E2-1B04-00000000D301}4864C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454537Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D135-60E2-1B04-00000000D301}4864C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454536Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D135-60E2-1B04-00000000D301}4864C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x80000000000000001454535Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.127{D694AEB8-B3EA-60E2-0D00-00000000D301}916936C:\Windows\system32\svchost.exe{D694AEB8-D135-60E2-1B04-00000000D301}4864C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x80000000000000001454534Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.012{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64F8B3875B73DF9BC0776FBB03987E2A,SHA256=F6EFEAB9D711363B83F38BE4B69A4C6BFB905683C7ABDDABEE8F68CA72A18F55,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399232Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:11.623{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B019A1FDF25128E0608541C870372A33,SHA256=90DDA9F3058DF7BC2B8386AD81D587A265DBA5A2D597400A914049EABE8ABFBE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454566Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:11.210{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3D9C2971B486D3C3E44A82B42B24738,SHA256=4F304DDCB65287E14A9A881199B6BF59CCC0CD07865FAD6256BD7CF568673CE8,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399231Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:09.423{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53979-false10.0.1.12-8000-
23542300x8000000000000000399233Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:12.623{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8E1C18B1EE185C3F75D94720CEA5E43,SHA256=1AC00C5D7EBEB6D99523931F36E3C4E67EA1F5EA0954867D1F3A36582B0443BE,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454568Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:10.642{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60984-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001454567Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:12.293{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0ED7148042B4F6D66E42EF077957012,SHA256=9FF6CDDC135F0369A420CAC7579B0D6413A8953A30FBA782BCD549BAAB8DA744,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399234Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:13.623{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC300D1B252C938FA00209C52AE1A729,SHA256=BBA6548CC78CA29467EB176390D5ED3A1FFEFA057B2340D3AB0CE57311DE598D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454569Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:13.308{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFBB146229295734E1093A40385B6066,SHA256=B94FA3E99FE99FC83ADA6BE27BE72E940FE079A79C62BCC39357E5D90D0E85D0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399235Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:14.624{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1DED4FBCF52DF86A60B1F4BC29C6932,SHA256=A4BF3B551B9BAF399A9E0D7FD85B77C3DDE399E02CD6E5FEA357B4332E11646B,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454570Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:14.339{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E202D7931DFCD52E99D17AC53CF6018F,SHA256=EE508065BB04BA753F909D1A1EA82EEB9157F47E612941440378154E81ABF8C6,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399236Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:15.639{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=31A86904A02F3A5A0C9252699D5D87B6,SHA256=108DF26DC866DE66F64B00CB6FAEDA0CD3312A0B64B68B75C677DA830306BD12,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454571Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:15.375{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A822EC2F228057E35B0FEF546B7F4D80,SHA256=ECCC5111C19B2A74B5B9EBAA42840E59B0B61D4CB5499EE0AB5B74253626D423,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454572Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:16.405{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72B96FBAAFD76AC554F1A3AA2BAE5F12,SHA256=23F8ED149A7C0A02E9117203B983E976DE9113495A2A98A5C64CF3BA7A0AE6AA,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399238Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:16.639{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8E40283CB3593AF4F1CEBAE3BAA4588,SHA256=9172782E9DF9B9DA4D88E0A25F6F67833E2CFDC109FF29BB76634C2D7716D27B,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399237Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:15.377{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53980-false10.0.1.12-8000-
23542300x8000000000000000399239Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:17.654{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC3F17E4A950B15CC33FF0506DB1E80C,SHA256=93E66D2EDDD354A4D37AE90544BD992F5460689223E449D5BA10E12F806D4FFE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454573Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:17.435{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D1EE4CD719D9DF8628F4D56D18F5BE3,SHA256=91FD9410B86AC47F0193660DDC7C4F75A2583D86A99D548D9576F0281C254036,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399240Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:18.655{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6520A46B52A080117711F53760B4F979,SHA256=69EC3F341B72D08892192AB008B1EE77FA1AB50F67DA2C11E8B970BC92A4ED06,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454574Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:18.451{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F21427BB08F8EE6214F49540018B0C81,SHA256=485C58470292E9CC6195A9504D45D301CD9B740C024C7BA279E38A39CBD264D2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399241Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:19.686{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBDD04B8C186490CF0A3EFD667BF44E2,SHA256=5D02D6F404BB52097CBB5FF5C498DD78CDDD7CD87A3FCFD407A3C54C33025F57,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454576Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:19.470{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93110867AC31785E851192D2140E4686,SHA256=0658B34A1C650420215AE1C968D6023453ABFAC8890656719E0E5C4C9189C5D1,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454575Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:16.651{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60985-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001454577Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:20.485{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7FBB6071EEBF807186442EE719952DD8,SHA256=81361F55ABE63EA43CB3AB5C4DB38CF129C3DC2EE4C4762D28A387AA03FA25AE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399242Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:20.686{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0ADB8C4236EB66FEE41C51FEA2B85F9E,SHA256=D2FA82C7C55DD37D9D6881C96BCC694BCCBCA8B9A5C9E8F8610BFF08DC8775CD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399243Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:21.701{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A993E5B898722B609D8C39F57BDC3631,SHA256=61C6EBE7E7283A2D35880813830B6C5C8EF48AF3F046EB94A3ACA6097D23C629,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454578Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:21.500{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2496E6488E941D7CEC0D261456D5A8F3,SHA256=01B355AC3CFB69FD035E1063BEC9E5E0D50A94F9B5863F335302165BB61BAA3F,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399245Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:21.408{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53981-false10.0.1.12-8000-
23542300x8000000000000000399244Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:22.701{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=683D292755B7918F45AE4FAB878A05C8,SHA256=EAAE354CBCB765E844CD32F60AE3F879992F06134EC8CBCC73F9166D9A3C7660,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454579Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:22.514{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C8DAB9A78DD64EC37588797295F854C,SHA256=5EBA7754D6AFD7C259098BCE65AB67FBCC37114DB9DB23147FF335DEE77FA8D5,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454580Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:23.529{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8DAD7AEBC676C0B1580E4612847F94C,SHA256=1D1A9C820D7196D8AC8E5030965D6C28BF3656DC596B71C284B7EFE026DC9216,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399246Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:23.717{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD1EC954D0C4FC3408BB17F1B516C969,SHA256=FA605DAE6A18D3E6BF3577844C35F3A77CDC5B2B103F160A8784A8C1B808F52A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454581Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:24.546{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2F2CA4AF59081EF5031E37DD0D41EB8,SHA256=139B42D33913EEFB1E2048A8A1C4CDAFF7228C7595174EC42B3086B0D74452E7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399247Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:24.717{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D99751686F3A53213A6D9EE4D518F7E,SHA256=9F5A798C50CADA8B3BC389CDB752A1F490ABA54A77DE6232C180E706C38973AC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454583Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:25.565{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F3347CF5DFB45B06BC94E56F5729DE1,SHA256=050A923873504A0D63AF72F010BC160D6C120CE22FB9315DAE7EF5921CD30EE4,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399248Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:25.733{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=558C1069A09B4014D0399DED6B389BD8,SHA256=B68B70304E93F726F68B749941BC60C22DEB679346EAED71DF3701D8D24EE917,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454582Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:22.661{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60986-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x8000000000000000399252Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:26.733{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FCDB46E8C3584B120E6DAC209A8A57C,SHA256=78FEB57C8B1C5010BE20D5F32BD0E7FA9F3E02F9B64B56FE403F2EE06F11CA3D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454584Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:26.580{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E035DB983EF50042E4C683B795544A41,SHA256=71FD10F9B39CC84F0EA2333291E620E6622B892B2D6996BD8DAB26BCA2FC30D0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399251Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:26.373{7F1C7D0B-B3E4-60E2-1100-00000000D401}996NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=A8635636B5C7FB65A03D2413ECA00D56,SHA256=232D04B8DCC6C84C8ED149BEE12752AA3386B99F1F88B124C09176DFC0591320,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399250Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:26.233{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C8ED7B5579D8D41DA371B7ED641A8F7E,SHA256=650ECA7D504168618A23AFB998C4CD1D61C3A55FA091FA2E042084A02BDE5A39,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399249Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:26.233{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1D5946237EFB76B87B9BF2BD280AF502,SHA256=C8FD71BDEF165800C3CEEF56291FB468B13D5AAB00C114286B96F5D871E823CD,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399254Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:27.733{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74C8C82F1E0242379561FABA47F04328,SHA256=3AF384331AB8D47F7006FF7B805BC4467049F1F001D551766E415D8F4E18ADCF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454585Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:27.626{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB51856B5BA564F63E21744D7D873743,SHA256=1FD35CD4F04C28057B628585865D789F90F12DDCB2D0BC7F230D634036A1E3C5,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399253Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:25.175{7F1C7D0B-B3E4-60E2-1000-00000000D401}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse195.78.54.166-62471-false10.0.1.15win-host-884.eu-central-1.compute.internal3389ms-wbt-server
23542300x8000000000000000399256Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:28.748{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D176183B879EBBD44A16827495D61FF9,SHA256=4AFA962441C7B472E492ED02F7ED390BA1491B5DEE0B0CF3919432A00FD4F3E2,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454586Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:28.645{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C8469DB304A99F025416685D816D5B4,SHA256=2D148C90AF721539C7F36200709EFFBA792DE87A3EA1AD98CA738A13A1F6251B,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399255Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:27.377{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53982-false10.0.1.12-8000-
23542300x80000000000000001454587Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:29.662{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D082824568A32F0E8B924937B47AB01D,SHA256=DF8C13F2D2720701B5FBF291ED5D8A75A9F06D7034924FBA912B92A07DAC1874,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399257Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:29.764{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA2F9F45936152455EB77939F1F6146D,SHA256=B81A8990AD998E7BCCFDEBD012540D4CF6247A8AE40E2F2B62E2F86FDA4481F8,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454590Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:30.663{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5DD892B91B91DD401FF831B510E9584,SHA256=0E3F2F91DE4350F2DD1BFAFE0A9D230D7836B845F8F525EC73AEAA126ABF5677,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399258Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:30.764{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3BABD9AC824FE46094B31701427CC42,SHA256=A9501ACA12F730FEBF0E914E35F32FCAD74106633A87951559029B10C319271D,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454589Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:30.625{D694AEB8-B3FA-60E2-2A00-00000000D301}2948NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=33EA17C9D0CF150EF3DD52357693C3C9,SHA256=BA4E51F2867FE99FECF90206114B82FA0BBFFFDBB4F9985C47297700F7B60B18,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454588Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:28.655{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60987-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x8000000000000000399260Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:31.843{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=619AE809D65887C43C3A2875F4C0A897,SHA256=0314EEF032C97E797704B89CB5FC447674D7C85FE3879B8E4690540C7EA36F42,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454591Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:31.677{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F948FACFD5E3EF9F99D81AA231E7AE68,SHA256=94B9E7F50A9A7E0E55FF350FDB944FDC7F7201FA09E7A79D30999FD5559FF2BB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399259Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:31.311{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=33EA17C9D0CF150EF3DD52357693C3C9,SHA256=BA4E51F2867FE99FECF90206114B82FA0BBFFFDBB4F9985C47297700F7B60B18,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399262Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:32.904{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14C7C58B2ABDFD70B6FB22644AE5B285,SHA256=EEDF793FE24B83ABB729292DF3F3CF5393D6E47B95D923A6232DE1C1E8331EDB,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454593Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:32.692{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=92C221D250ADE6DFAE36DBC9E4BA45A2,SHA256=D48DD8B722D7FFB020D287DAE641D1221B26CF740B66B8FEC612596E3558D8BD,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399261Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:31.502{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53983-false10.0.1.12-8089-
354300x80000000000000001454592Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:30.057{D694AEB8-B3FA-60E2-2A00-00000000D301}2948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60988-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089-
23542300x8000000000000000399264Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:33.906{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=626B11B41F355E070CB9044845D5B3B8,SHA256=C159AA5C8EF018937FBF45224E2C7CFA1574F136BC0132BDA3B707CEA2D787FE,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454595Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:33.991{D694AEB8-B3EA-60E2-1100-00000000D301}404NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=C13CF125B081EF620AB5FA09CCC047FA,SHA256=027462433646E139696AB3251D50C77C28D8281A894D6570731C6D7B6EC4E183,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454594Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:33.722{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6AC1661C0E24DCB3A43B561E92DA348A,SHA256=73BE410A9459F6BFD322DF2C0DCC7168FA6141246A9B7C5EBD1FA18FD01DDD91,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399263Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:32.377{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53984-false10.0.1.12-8000-
23542300x80000000000000001454596Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:34.742{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53AB8BCD1BDBB80BCCF22CE295B95542,SHA256=B9A61B040538CE2CA8C0F2313AE3FA36F9314155D1EEF52600E884985DA0B800,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000399277Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:34.638{7F1C7D0B-B3E6-60E2-2B00-00000000D401}28442864C:\Windows\system32\conhost.exe{7F1C7D0B-0A6A-60E3-AE0A-00000000D401}3156C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399276Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:34.638{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399275Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:34.638{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399274Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:34.638{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399273Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:34.638{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399272Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:34.638{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399271Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:34.638{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399270Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:34.638{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399269Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:34.638{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399268Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:34.638{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399267Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:34.638{7F1C7D0B-B3E3-60E2-0500-00000000D401}408536C:\Windows\system32\csrss.exe{7F1C7D0B-0A6A-60E3-AE0A-00000000D401}3156C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000399266Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:34.638{7F1C7D0B-B3E5-60E2-2100-00000000D401}20123788C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7F1C7D0B-0A6A-60E3-AE0A-00000000D401}3156C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000399265Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:34.638{7F1C7D0B-0A6A-60E3-AE0A-00000000D401}3156C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7F1C7D0B-B3E3-60E2-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001454598Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:35.758{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6ED1F6D9BAEDEA2D534F9C1C47741F5B,SHA256=1F886A61BD17D0A487FCE75C31DAA6DCA667638FBD037A7B006D18161558881C,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000399306Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.983{7F1C7D0B-B3E6-60E2-2B00-00000000D401}28442864C:\Windows\system32\conhost.exe{7F1C7D0B-0A6B-60E3-B00A-00000000D401}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399305Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.983{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399304Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.983{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399303Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.983{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399302Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.983{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399301Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.983{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399300Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.983{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399299Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.983{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399298Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.983{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399297Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.983{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399296Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.983{7F1C7D0B-B3E3-60E2-0500-00000000D401}408424C:\Windows\system32\csrss.exe{7F1C7D0B-0A6B-60E3-B00A-00000000D401}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000399295Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.983{7F1C7D0B-B3E5-60E2-2100-00000000D401}20123788C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7F1C7D0B-0A6B-60E3-B00A-00000000D401}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000399294Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.983{7F1C7D0B-0A6B-60E3-B00A-00000000D401}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7F1C7D0B-B3E3-60E2-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x8000000000000000399293Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.858{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=193FEAE7F20101672FFB6D93AC964D16,SHA256=6DFC03021EEFEC70C11DA6EF8E7269E671E8677ED8A7F55496ABC01260279F46,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399292Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.858{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C8ED7B5579D8D41DA371B7ED641A8F7E,SHA256=650ECA7D504168618A23AFB998C4CD1D61C3A55FA091FA2E042084A02BDE5A39,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000399291Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.310{7F1C7D0B-B3E6-60E2-2B00-00000000D401}28442864C:\Windows\system32\conhost.exe{7F1C7D0B-0A6B-60E3-AF0A-00000000D401}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399290Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.310{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399289Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.310{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399288Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.310{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399287Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.310{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399286Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.310{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399285Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.310{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399284Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.310{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399283Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.310{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399282Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.310{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399281Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.310{7F1C7D0B-B3E3-60E2-0500-00000000D401}4081320C:\Windows\system32\csrss.exe{7F1C7D0B-0A6B-60E3-AF0A-00000000D401}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000399280Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.310{7F1C7D0B-B3E5-60E2-2100-00000000D401}20123788C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7F1C7D0B-0A6B-60E3-AF0A-00000000D401}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000399279Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.310{7F1C7D0B-0A6B-60E3-AF0A-00000000D401}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7F1C7D0B-B3E3-60E2-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x8000000000000000399278Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:35.106{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26FBF9B2590B33A9308F848E63B350CF,SHA256=2EE8E056FB0FD86CD604E5341F571625F944E2711022FD68288C3092D699E072,IMPHASH=00000000000000000000000000000000falsetrue
354300x80000000000000001454597Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:33.669{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60989-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001454599Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:36.788{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F41B2B9014110C7BD636478F4C4709B,SHA256=1413F258B43F9D1927A8AD6499B42A043C401DCAA30A1DC027A1683967C1CCB3,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000399308Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:36.186{7F1C7D0B-0A6B-60E3-B00A-00000000D401}38322884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x8000000000000000399307Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:36.170{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D2947654619AE2DC67865F7F165803C,SHA256=B80995B43F3BE3639C005A64D2B6D73D036690B9703D96A1C7364A60C40538A3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454600Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:37.818{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26C9B7C5395C719A181F0B0B386ECCBE,SHA256=726CC22A62E597921930E5787BF0ECF232188894901638A84EFD1B7EE03A3305,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399310Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:37.233{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB63EF399B709479AE4670F34BA1C42E,SHA256=DF847F49DF44B55F1D75DD69E22E8682FB0B6138463433C94333A71312EF9FDF,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399309Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:37.170{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=193FEAE7F20101672FFB6D93AC964D16,SHA256=6DFC03021EEFEC70C11DA6EF8E7269E671E8677ED8A7F55496ABC01260279F46,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454601Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:38.834{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E2C146AD5C0FCC2574CCDEFDF9AEB4A,SHA256=52239D1E41D0809F2E74AC820107B5E5144DD6F17BA9536E9FFD2762328D8DB3,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399311Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:38.326{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=348AFE660C4AB8973737A17A3E102E56,SHA256=977C4A7C01D250089AFDBF8F00E8F05EA9C34D90E244CAB352E18E1D04F12558,IMPHASH=00000000000000000000000000000000falsetrue
23542300x80000000000000001454602Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:39.853{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC6A077A26D9A9D886D7C02C2E87E44A,SHA256=D9143F347808FB425923F7050E4F050B19D20A1BED8045A30CD2287AB50BF439,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000399341Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.780{7F1C7D0B-0A6F-60E3-B20A-00000000D401}24323252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399340Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.623{7F1C7D0B-B3E6-60E2-2B00-00000000D401}28442864C:\Windows\system32\conhost.exe{7F1C7D0B-0A6F-60E3-B20A-00000000D401}2432C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399339Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399338Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399337Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399336Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399335Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399334Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399333Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399332Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399331Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.623{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399330Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.623{7F1C7D0B-B3E3-60E2-0500-00000000D401}4081316C:\Windows\system32\csrss.exe{7F1C7D0B-0A6F-60E3-B20A-00000000D401}2432C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000399329Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.623{7F1C7D0B-B3E5-60E2-2100-00000000D401}20123788C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7F1C7D0B-0A6F-60E3-B20A-00000000D401}2432C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000399328Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.624{7F1C7D0B-0A6F-60E3-B20A-00000000D401}2432C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7F1C7D0B-B3E3-60E2-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x8000000000000000399327Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.358{7F1C7D0B-0A6F-60E3-B10A-00000000D401}18762324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x8000000000000000399326Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.342{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04D6D6F2529F51D5F6508676F9DC5549,SHA256=7AC957D189BF87AE4CCE646ED7E51DA6A48BBA20BA7DB03B8305D5CE37893085,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000399325Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:37.424{7F1C7D0B-B3F0-60E2-6200-00000000D401}3000C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-884.eu-central-1.compute.internal53985-false10.0.1.12-8000-
10341000x8000000000000000399324Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.124{7F1C7D0B-B3E6-60E2-2B00-00000000D401}28442864C:\Windows\system32\conhost.exe{7F1C7D0B-0A6F-60E3-B10A-00000000D401}1876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399323Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.124{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399322Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.124{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399321Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.124{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399320Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.124{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399319Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.124{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399318Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.124{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399317Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.124{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399316Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.124{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399315Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.124{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399314Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.124{7F1C7D0B-B3E3-60E2-0500-00000000D401}4081320C:\Windows\system32\csrss.exe{7F1C7D0B-0A6F-60E3-B10A-00000000D401}1876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000399313Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.124{7F1C7D0B-B3E5-60E2-2100-00000000D401}20123788C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7F1C7D0B-0A6F-60E3-B10A-00000000D401}1876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000399312Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:39.124{7F1C7D0B-0A6F-60E3-B10A-00000000D401}1876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7F1C7D0B-B3E3-60E2-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
354300x80000000000000001454604Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:38.701{D694AEB8-B406-60E2-6A00-00000000D301}3116C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-201.attackrange.local60990-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x80000000000000001454603Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local-2021-07-05 13:34:40.853{D694AEB8-B40E-60E2-7300-00000000D301}3936NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E6D18B986863E6992DC3DA2AC38DC84,SHA256=3ABABD92FDA4628A528777522B0882764FA2D5FCE947BDD2947CC1618B2442D7,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000399369Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.967{7F1C7D0B-B3E6-60E2-2B00-00000000D401}28442864C:\Windows\system32\conhost.exe{7F1C7D0B-0A70-60E3-B40A-00000000D401}1860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399368Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399367Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399366Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399365Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399364Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399363Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399362Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399361Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399360Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.967{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399359Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.967{7F1C7D0B-B3E3-60E2-0500-00000000D401}408536C:\Windows\system32\csrss.exe{7F1C7D0B-0A70-60E3-B40A-00000000D401}1860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000399358Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.967{7F1C7D0B-B3E5-60E2-2100-00000000D401}20123788C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7F1C7D0B-0A70-60E3-B40A-00000000D401}1860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000399357Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.968{7F1C7D0B-0A70-60E3-B40A-00000000D401}1860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{7F1C7D0B-B3E3-60E2-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x8000000000000000399356Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.780{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4323041A49A62EDCB2A1032721371B16,SHA256=2A0335DEAF2712D7606692F999BE57C98E2AE29EB5875CF628459530722EAE2A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000399355Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.326{7F1C7D0B-B3F8-60E2-6B00-00000000D401}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5288B7C48AEA123C17A7B339E088791D,SHA256=B82C82DF2C8A5F0FB58C5D6F6E67C6325A8F0B78334B8A91DDAB17C26D081291,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000399354Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.295{7F1C7D0B-B3E6-60E2-2B00-00000000D401}28442864C:\Windows\system32\conhost.exe{7F1C7D0B-0A70-60E3-B30A-00000000D401}1556C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399353Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399352Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399351Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399350Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399349Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399348Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399347Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399346Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399345Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.295{7F1C7D0B-B3E4-60E2-0C00-00000000D401}7521524C:\Windows\system32\svchost.exe{7F1C7D0B-B3E5-60E2-2300-00000000D401}1604C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x8000000000000000399344Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.295{7F1C7D0B-B3E3-60E2-0500-00000000D401}4081320C:\Windows\system32\csrss.exe{7F1C7D0B-0A70-60E3-B30A-00000000D401}1556C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x8000000000000000399343Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.295{7F1C7D0B-B3E5-60E2-2100-00000000D401}20123788C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{7F1C7D0B-0A70-60E3-B30A-00000000D401}1556C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x8000000000000000399342Microsoft-Windows-Sysmon/Operationalwin-host-884-2021-07-05 13:34:40.296{7F1C7D0B-0A70-60E3-B30A-00000000D401}1556C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{7F1C7D0B-B3E3-60E2-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{7F1C7D0B-B3E5-60E2-2100-00000000D401}2012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x80000000000000001454605Microsoft-Windows-Sysmon/Operationalwin-dc-201.attackrange.local