{
"_index": "wazuh-archives-4.x-2022.10.18",
"_type": "_doc",
"_id": "IrTA6oMBQfNr7Jgd3Muf",
"_version": 1,
"_score": null,
"_source": {
"agent": {
"ip": "192.168.94.140",
"name": "WindowsAgent",
"id": "002"
},
"manager": {
"name": "wazuh.manager"
},
"data": {
"win": {
"eventdata": {
"originalFileName": "UrlMon.dll",
"image": "C:\\\\Users\\\\Administrator\\\\Desktop\\\\babuk\\\\e_win.exe",
"product": "Internet Explorer",
"signature": "Microsoft Windows",
"imageLoaded": "C:\\\\Windows\\\\SysWOW64\\\\urlmon.dll",
"description": "OLE32 Extensions for Win32",
"signed": "true",
"signatureStatus": "Valid",
"processGuid": "{72bcaa84-875b-634e-b209-000000001500}",
"processId": "7572",
"utcTime": "2022-10-18 11:00:44.402",
"hashes": "SHA1=4B012E9B41C5D88EF1CB310B99CD8BD77EDD73A8,MD5=9AA93987320A0A7C159EEE24324CF8B3,SHA256=58C08484FC9DC8FCB028E86B34CE3B392046671AF57A494BCE1160536AA7017B,IMPHASH=793D74F876102F7E2C8149DF7C869687",
"company": "Microsoft Corporation",
"fileVersion": "11.00.19041.1949 (WinBuild.160101.0800)",
"user": "WINDOWSAGENT\\\\Administrator"
},
"system": {
"eventID": "7",
"keywords": "0x8000000000000000",
"providerGuid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}",
"level": "4",
"channel": "Microsoft-Windows-Sysmon/Operational",
"opcode": "0",
"message": "\"Image loaded:\r\nRuleName: -\r\nUtcTime: 2022-10-18 11:00:44.402\r\nProcessGuid: {72bcaa84-875b-634e-b209-000000001500}\r\nProcessId: 7572\r\nImage: C:\\Users\\Administrator\\Desktop\\babuk\\e_win.exe\r\nImageLoaded: C:\\Windows\\SysWOW64\\urlmon.dll\r\nFileVersion: 11.00.19041.1949 (WinBuild.160101.0800)\r\nDescription: OLE32 Extensions for Win32\r\nProduct: Internet Explorer\r\nCompany: Microsoft Corporation\r\nOriginalFileName: UrlMon.dll\r\nHashes: SHA1=4B012E9B41C5D88EF1CB310B99CD8BD77EDD73A8,MD5=9AA93987320A0A7C159EEE24324CF8B3,SHA256=58C08484FC9DC8FCB028E86B34CE3B392046671AF57A494BCE1160536AA7017B,IMPHASH=793D74F876102F7E2C8149DF7C869687\r\nSigned: true\r\nSignature: Microsoft Windows\r\nSignatureStatus: Valid\r\nUser: WINDOWSAGENT\\Administrator\"",
"version": "3",
"systemTime": "2022-10-18T11:00:44.4578388Z",
"eventRecordID": "404560",
"threadID": "5024",
"computer": "WindowsAgent",
"task": "7",
"processID": "3096",
"severityValue": "INFORMATION",
"providerName": "Microsoft-Windows-Sysmon"
}
}
},
"decoder": {
"name": "windows_eventchannel"
},
"full_log": "{\"win\":{\"system\":{\"providerName\":\"Microsoft-Windows-Sysmon\",\"providerGuid\":\"{5770385f-c22a-43e0-bf4c-06f5698ffbd9}\",\"eventID\":\"7\",\"version\":\"3\",\"level\":\"4\",\"task\":\"7\",\"opcode\":\"0\",\"keywords\":\"0x8000000000000000\",\"systemTime\":\"2022-10-18T11:00:44.4578388Z\",\"eventRecordID\":\"404560\",\"processID\":\"3096\",\"threadID\":\"5024\",\"channel\":\"Microsoft-Windows-Sysmon/Operational\",\"computer\":\"WindowsAgent\",\"severityValue\":\"INFORMATION\",\"message\":\"\\\"Image loaded:\\r\\nRuleName: -\\r\\nUtcTime: 2022-10-18 11:00:44.402\\r\\nProcessGuid: {72bcaa84-875b-634e-b209-000000001500}\\r\\nProcessId: 7572\\r\\nImage: C:\\\\Users\\\\Administrator\\\\Desktop\\\\babuk\\\\e_win.exe\\r\\nImageLoaded: C:\\\\Windows\\\\SysWOW64\\\\urlmon.dll\\r\\nFileVersion: 11.00.19041.1949 (WinBuild.160101.0800)\\r\\nDescription: OLE32 Extensions for Win32\\r\\nProduct: Internet Explorer\\r\\nCompany: Microsoft Corporation\\r\\nOriginalFileName: UrlMon.dll\\r\\nHashes: SHA1=4B012E9B41C5D88EF1CB310B99CD8BD77EDD73A8,MD5=9AA93987320A0A7C159EEE24324CF8B3,SHA256=58C08484FC9DC8FCB028E86B34CE3B392046671AF57A494BCE1160536AA7017B,IMPHASH=793D74F876102F7E2C8149DF7C869687\\r\\nSigned: true\\r\\nSignature: Microsoft Windows\\r\\nSignatureStatus: Valid\\r\\nUser: WINDOWSAGENT\\\\Administrator\\\"\"},\"eventdata\":{\"utcTime\":\"2022-10-18 11:00:44.402\",\"processGuid\":\"{72bcaa84-875b-634e-b209-000000001500}\",\"processId\":\"7572\",\"image\":\"C:\\\\\\\\Users\\\\\\\\Administrator\\\\\\\\Desktop\\\\\\\\babuk\\\\\\\\e_win.exe\",\"imageLoaded\":\"C:\\\\\\\\Windows\\\\\\\\SysWOW64\\\\\\\\urlmon.dll\",\"fileVersion\":\"11.00.19041.1949 (WinBuild.160101.0800)\",\"description\":\"OLE32 Extensions for Win32\",\"product\":\"Internet Explorer\",\"company\":\"Microsoft 
Corporation\",\"originalFileName\":\"UrlMon.dll\",\"hashes\":\"SHA1=4B012E9B41C5D88EF1CB310B99CD8BD77EDD73A8,MD5=9AA93987320A0A7C159EEE24324CF8B3,SHA256=58C08484FC9DC8FCB028E86B34CE3B392046671AF57A494BCE1160536AA7017B,IMPHASH=793D74F876102F7E2C8149DF7C869687\",\"signed\":\"true\",\"signature\":\"Microsoft Windows\",\"signatureStatus\":\"Valid\",\"user\":\"WINDOWSAGENT\\\\\\\\Administrator\"}}}",
"input": {
"type": "log"
},
"@timestamp": "2022-10-18T11:00:49.281Z",
"location": "EventChannel",
"id": "1666090849.3615702",
"timestamp": "2022-10-18T04:00:49.281-0700"
},
"fields": {
"@timestamp": [
"2022-10-18T11:00:49.281Z"
],
"timestamp": [
"2022-10-18T11:00:49.281Z"
]
},
"highlight": {
"agent.name": [
"@opensearch-dashboards-highlighted-field@WindowsAgent@/opensearch-dashboards-highlighted-field@"
]
},
"sort": [
1666090849281
]
}