Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B467F43FA33559205D6DDE003B721C1,SHA256=0D847CCCD8B116A7FE9D21409C693300D5FA80C15255F8E8C44D2E36500BBE4E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109964714Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:37.374{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=62EBAC270B79D1C3C4B816E45E3A4FF0,SHA256=A8E0C8AB9CD36B27578D6C1A92E592AEDE503085017A988E30296D13AAE4ED3E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109964713Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:37.374{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EB9255CC337615EF34E073652E931D5E,SHA256=3A33F4883A9E445CD101B79731B179003B316B05DFCA1E354D74616331CAF448,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109964712Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:37.061{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76CF2550D1A2EB4C847BAC66CD4AFE98,SHA256=54DF19376B24D5051C0C07274F8D616D607548292C614DBEE90C4B7E102E5BC8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000056916420Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:38.777{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEBCEE0204C0C501A5020B12215DC793,SHA256=B99BD5F0185F7884A76E6A5E541BC4C5ABC77A816DB4FFC4AC21F779405CB25A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000109964716Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.434{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local58654-false10.0.1.12-8000- 23542300x8000000000000000109964715Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:38.140{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B34CBA90F7C9625CE9F8B4A07086857B,SHA256=EE37F119EE4F97582CD2429EDC1D43CC57D88DFA844B92B7E1148D48647C304F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916421Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:39.792{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CD2F15EF7A891E3B07000BF366DFB89,SHA256=A60EC3D88CF54658860F4D95710CBE0705CEC745F762C76AA647F849C70FFB5B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient 
disk space 23542300x8000000000000000109964717Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:39.155{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ACE61FB3A7B2ED2D04034FE36BB0D784,SHA256=E940EDAFDC8E200806106C73C6E45B3A2793F2D3873C319076331201A5EC979D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916423Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:40.980{B81B27B7-2344-6193-1400-00000000CB01}716NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=459A58A1679E6B0BC084E3AACD38A6C0,SHA256=D7B08B0FF05DCB31A6408DC8E34D8469ADE58C2DB176AB3861AB053FAA880E94,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916422Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:40.792{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF988CC406675AB3AB573C3CA27C3AF8,SHA256=DD0FFBF1B8229369A8CA24607663B4C90909351B61A8313A49332573AFDEF750,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109964718Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:40.155{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50A4E81C784B672C32714C9BF5972619,SHA256=B350A85A130620C2631FA805550F52BB3EB4DBBB8655E238E05F9AF8119FD9B6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916424Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:41.808{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21A3BCB6B4DD33C8E1F9E9D91F1FC879,SHA256=4D92B37A556CDE4B82F711EB213609222A44DB81C06919A2EE02BBEC7F3A5DCE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109964719Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:41.155{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E41540AD3D7D661912C17C4DD0B687B,SHA256=2D2E7CE4176248DB2B7F47CAD2AFB05493B24E8F4FEFFFC38EC18F8F7A81C1BF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916425Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:42.855{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ACE7954062ECD7010BFD087158BDEDFC,SHA256=07990EAB8C836498CB8C2F4C84525FAF0462F2A0FF345A394DE6F69EBD14BEE4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
354300x8000000000000000109964722Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:55.449{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local58655-false10.0.1.12-8000- 23542300x8000000000000000109964721Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:42.343{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=62EBAC270B79D1C3C4B816E45E3A4FF0,SHA256=A8E0C8AB9CD36B27578D6C1A92E592AEDE503085017A988E30296D13AAE4ED3E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109964720Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:42.155{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CB79A77ED724093C948010E055FB21B,SHA256=1B4847F6CAE4A580D2BAD8816E37AF8879181A88B2DDE20C3D19BC0CBF0A436C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916427Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:43.870{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D0D10A0E63A0D4091AD051A94BCF64E,SHA256=15CA924E15327F89DFE530BE92EABF2934DCFAB4C79676EE2A98C04C6B26A893,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x8000000000000000109964723Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:43.155{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04603C48BB68E0B6668FC2F1E60A995F,SHA256=790BADD57C006CDA37F5CEBE757B813B81BC063829B7A8C9D91909E0B81D0EC9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000056916426Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:33.061{B81B27B7-2350-6193-6B00-00000000CB01}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local49964-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000056916428Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:44.902{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76EC39B57DF84856F44172C76AD6DCAD,SHA256=2B365331AECD633F59BFA3395313D068C7BCB30A66A368BB9A5EA978758EC77E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109964725Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:44.405{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6B4C8CB7BF48DDAD2905C0261A227B2C,SHA256=530F68EA9A44F62B04E51E6EDA7681BF94050D8F7CBABF625AE3A9140ED166B5,IMPHASH=00000000000000000000000000000000falsefalse - 
insufficient disk space 23542300x8000000000000000109964724Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:44.155{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B3BADA88E725308AE9DEC8F81A7CC79,SHA256=37E40C5ED98BD3E830B539039DCBCC3818D3FD85B0ECE94B9771CC981EBA2399,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916429Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:45.902{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8EE9B2EFDFE2F1ECACFF6D1F877BBA50,SHA256=CB8ABE4CC3F8650B07DFECC96446E020DC255168646495DB619D0771AC5FB9A5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109964726Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:45.171{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14ED23978C76C1BB48A1C1F45716CAF7,SHA256=1FE35DEEEDC44D364CA52C211E09B537BCA1275159CC45383F34E60995EC5133,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916430Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:46.980{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C642BBAFB266585C524F51FB8B1BDBE,SHA256=582C38862D3CAEC94AF493FE5D4CB95541A2A5DDA25DD6EB2CAC8DD34C85EB9E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000109964782Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.905{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000109964781Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.905{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000109964780Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.890{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 
734700x8000000000000000109964779Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.765{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000109964778Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.765{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000109964777Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.765{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000109964776Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.765{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 
(rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000109964775Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.765{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000109964774Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.765{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000109964773Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.765{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 
734700x8000000000000000109964772Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.765{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000109964771Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.749{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000109964770Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.749{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000109964769Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.749{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 
(rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000109964768Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.749{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000109964767Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.749{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000109964766Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.749{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft 
CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000109964765Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.749{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000109964764Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.749{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000109964763Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:46.749{3BF36828-25E6-6193-E098-01000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 
Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000109964856Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.905{3BF36828-25E7-6193-E298-01000000CC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000109964855Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.905{3BF36828-25E7-6193-E298-01000000CC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000109964854Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.905{3BF36828-25E7-6193-E298-01000000CC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x8000000000000000109964853Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.905{3BF36828-25E7-6193-E298-01000000CC01}5564C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000109964852Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.905{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-25E7-6193-E298-01000000CC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000109964851Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.905{3BF36828-25E7-6193-E298-01000000CC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000109964850Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.905{3BF36828-25E7-6193-E298-01000000CC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000109964849Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.905{3BF36828-25E7-6193-E298-01000000CC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000109964848Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.905{3BF36828-25E7-6193-E298-01000000CC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x8000000000000000109964847Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:47.905{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964846Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.905{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964845Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:47.905{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964844Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.905{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964843Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:47.905{3BF36828-9797-6185-0500-00000000CC01}420412C:\Windows\system32\csrss.exe{3BF36828-25E7-6193-E298-01000000CC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000109964842Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.905{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-25E7-6193-E298-01000000CC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000056916432Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:47.433{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=59D66A8D638664160DED81323F20D826,SHA256=B3BA5C28167955D07B1D9DBDBE00E1AE13E5265D9E7861B21A15E69DAAAB8B41,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916431Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:47.433{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B05A3AA9C6EF00257500AD2912372BF9,SHA256=2EF613F61613D3DEDEA323835132234FD95A5899D1E16B577242A6570BB74AE7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 154100x8000000000000000109964841Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.891{3BF36828-25E7-6193-E298-01000000CC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000109964840Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.733{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2F87EBC38922F5D40D6DC19698FF6A03,SHA256=3AAAD0BDACF9AA8100BF837FFCA7BDC45DBB91B7AA9FC5FC658A3BF8F54419E1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000109964839Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.515{3BF36828-25E7-6193-E198-01000000CC01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000109964838Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.515{3BF36828-25E7-6193-E198-01000000CC01}70286944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000109964837Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.515{3BF36828-25E7-6193-E198-01000000CC01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating 
SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000109964836Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.499{3BF36828-25E7-6193-E198-01000000CC01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 10341000x8000000000000000109964835Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.390{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-25E7-6193-E198-01000000CC01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+19544|C:\Windows\system32\taskmgr.exe+1a290|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964834Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.390{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-25E7-6193-E198-01000000CC01}7028C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+1e590|C:\Windows\system32\taskmgr.exe+1a25e|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964833Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.390{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-25E7-6193-E198-01000000CC01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+1ea6a|C:\Windows\system32\taskmgr.exe+1a0d0|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964832Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.390{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-25E7-6193-E198-01000000CC01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b1cf|C:\Windows\system32\taskmgr.exe+1a084|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 
10341000x8000000000000000109964831Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.390{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-25E7-6193-E198-01000000CC01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b2b8|C:\Windows\system32\taskmgr.exe+19d0d|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000109964830Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.374{3BF36828-25E7-6193-E198-01000000CC01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000109964829Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.374{3BF36828-25E7-6193-E198-01000000CC01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000109964828Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:47.374{3BF36828-25E7-6193-E198-01000000CC01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000109964827Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.374{3BF36828-25E7-6193-E198-01000000CC01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000109964826Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.374{3BF36828-25E7-6193-E198-01000000CC01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000109964825Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.374{3BF36828-25E7-6193-E198-01000000CC01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000109964824Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.374{3BF36828-25E7-6193-E198-01000000CC01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000109964823Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.374{3BF36828-25E7-6193-E198-01000000CC01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000109964822Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:47.374{3BF36828-25E7-6193-E198-01000000CC01}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 
03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000109964920Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000109964919Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000109964918Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft 
Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000109964917Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000109964916Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000109964915Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000109964914Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA 
Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000109964913Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000109964912Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000109964911Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000109964910Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000109964909Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000109964908Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000109964907Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft 
Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x8000000000000000109964906Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000109964905Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000109964904Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DEFBB774EFDF82DE5B41109217617C23,SHA256=4E60F39CA9075B1605D75C69A600638BEE47068F589269D2CE26E682F7E81FCA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000109964903Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000109964902Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000109964901Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000109964900Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk 
Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x8000000000000000109964899Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964898Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:48.597{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964897Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964896Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:48.597{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964895Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-9797-6185-0500-00000000CC01}420536C:\Windows\system32\csrss.exe{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000109964894Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.597{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000109964893Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.582{3BF36828-25E8-6193-E398-01000000CC01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000056916435Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:38.952{B81B27B7-2350-6193-6B00-00000000CB01}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local49965-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 13241300x800000000000000056916434Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-11-16 
03:30:48.593{B81B27B7-2344-6193-1300-00000000CB01}720C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7da9a-0x5921fc8c) 23542300x800000000000000056916433Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:48.027{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1DCFFFB3AA679A8A32A466644604E5A9,SHA256=D9ECC1894E40392469120C9363D97FDC75C89EEF329F6DFD7510D3552E2E1832,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000109964892Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.061{3BF36828-25E7-6193-E298-01000000CC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000109964891Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:48.061{3BF36828-25E7-6193-E298-01000000CC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000109964890Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:48.061{3BF36828-25E7-6193-E298-01000000CC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000109965052Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.987{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000109965051Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.987{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000109965050Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.987{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft 
Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000109965049Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.987{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000109965048Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.987{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000109965047Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 
734700x8000000000000000109965046Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000109965045Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000109965044Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000109965043Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 
(rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000109965042Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000109965041Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000109965040Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft 
CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000109965039Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000109965038Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000109965037Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000109965036Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000109965035Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000109965034Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000109965033Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000109965032Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000109965031Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000109965030Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000109965029Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000109965028Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000109965027Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000109965026Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 
734700x8000000000000000109965025Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000109965024Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000109965023Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000109965022Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program 
Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000109965021Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000109965020Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000109965019Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000109965018Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000109965017Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000109965016Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000109965015Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000109965014Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000109965013Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x8000000000000000109965012Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:49.972{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109965011Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109965010Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:49.972{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109965009Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109965008Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:49.972{3BF36828-9797-6185-0500-00000000CC01}420536C:\Windows\system32\csrss.exe{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000109965007Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.972{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000109965006Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.957{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" 
--ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000109965005Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.675{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E0F1B676A369312F6B32A4BDDFDCF7D,SHA256=A1AF4F084CA3BBCA37C6381477959E024AE87F56C842E5290D793A1EA1E3D0AF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000109965004Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:31:01.465{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local58656-false10.0.1.12-8000- 23542300x800000000000000056916436Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:49.046{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A33EA2B3C4A7F39B3C175C9F75A2131,SHA256=AC44F68935CB148B1F5134654426D76B8DEA1EB5286249D6DB18BDBC8D8C8F8B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000109965003Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:49.440{3BF36828-25E9-6193-E498-01000000CC01}39847048C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000109965002Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.440{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000109965001Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.440{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 10341000x8000000000000000109965000Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:49.425{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+19544|C:\Windows\system32\taskmgr.exe+1a290|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964999Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.425{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+1e590|C:\Windows\system32\taskmgr.exe+1a25e|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964998Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.425{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+1ea6a|C:\Windows\system32\taskmgr.exe+1a0d0|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964997Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.425{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b1cf|C:\Windows\system32\taskmgr.exe+1a084|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964996Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.425{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b2b8|C:\Windows\system32\taskmgr.exe+19d0d|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000109964995Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:49.315{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79D43CEFF8B5F7DB654ADBBCF27EA199,SHA256=4FD5AC968B1DB0135FD5723ADBDE298C82D5310AD485CEA102FEA2E657E4D377,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000109964994Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.300{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000109964993Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.300{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000109964992Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.300{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft 
Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000109964991Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.300{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000109964990Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.300{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000109964989Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.300{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 
734700x8000000000000000109964988Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.300{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000109964987Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.300{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000109964986Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000109964985Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP 
API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000109964984Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000109964983Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000109964982Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 
734700x8000000000000000109964981Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000109964980Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000109964979Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000109964978Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 
734700x8000000000000000109964977Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000109964976Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000109964975Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000109964974Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 
librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000109964973Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000109964972Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000109964971Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 
734700x8000000000000000109964970Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000109964969Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000109964968Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000109964967Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 
(rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000109964966Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000109964965Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000109964964Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft 
CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000109964963Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000109964962Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000109964961Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000109964960Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000109964959Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000109964958Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000109964957Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000109964956Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000109964955Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000109964954Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x8000000000000000109964953Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:49.284{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964952Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964951Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:49.284{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964950Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109964949Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:49.284{3BF36828-9797-6185-0500-00000000CC01}420412C:\Windows\system32\csrss.exe{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000109964948Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.284{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000109964947Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:49.269{3BF36828-25E9-6193-E498-01000000CC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000109965111Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.940{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A174695760395F7B723220154FB838B,SHA256=5CBEA2EE7286071A98E2F1F0FA19D22E99BBDF5B7EF026FF7317378351C9DAC4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000109965110Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.800{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000109965109Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.800{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating 
SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000109965108Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.800{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000109965107Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.675{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000109965106Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.675{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 
734700x8000000000000000109965105Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.675{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000109965104Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.675{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 23542300x800000000000000056916437Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:50.046{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC28E782ED84D56D017275FAD5540BA7,SHA256=77117106D7A904D35BF393EA79FBB69E11761721D41E8136CE63D3DF7240AE63,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000109965103Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 
(rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000109965102Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000109965101Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000109965100Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft 
Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000109965099Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000109965098Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000109965097Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 
734700x8000000000000000109965096Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000109965095Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000109965094Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000109965093Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 
(rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x8000000000000000109965092Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000109965091Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000109965090Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 
734700x8000000000000000109965089Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000109965088Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000109965087Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000109965086Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, 
http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000109965085Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000109965084Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000109965083Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000109965082Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000109965081Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000109965080Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000109965079Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft 
Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000109965078Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000109965077Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000109965076Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 
734700x8000000000000000109965075Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000109965074Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000109965073Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000109965072Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client 
DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000109965071Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000109965070Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000109965069Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 
734700x8000000000000000109965068Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000109965067Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x8000000000000000109965066Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:50.659{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109965065Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109965064Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:50.659{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109965063Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-9799-6185-0C00-00000000CC01}8446424C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000109965062Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 
03:30:50.659{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000109965061Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.659{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000109965060Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.644{3BF36828-25EA-6193-E698-01000000CC01}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000109965059Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:31:03.360{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local58657-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 354300x8000000000000000109965058Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:31:03.360{3BF36828-97A9-6185-2800-00000000CC01}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local58657-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 23542300x8000000000000000109965057Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.190{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8DEE19071695FA05A09B8BDF94E129BA,SHA256=5F77A9213B69F207681C5BD7FC885AF00F871D0B27ABBB816B13AE7D8BE89ABD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000109965056Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.112{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® 
Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000109965055Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.112{3BF36828-25E9-6193-E598-01000000CC01}62722388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000109965054Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.112{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000109965053Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:50.112{3BF36828-25E9-6193-E598-01000000CC01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating 
SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x8000000000000000109965113Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:51.722{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FD4853B444DD8EA3AE237C8387D0AEB,SHA256=5EB9A6F05F3AA3C1DB2BD37B1FFD3D2E42D90D20DDF9F555095CE626F8517C6B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916438Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:51.093{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2D2C30A0E22150652251E086218647D,SHA256=30BC9D4085A84BFABDCB05404E376F17D56919F18B51072C9B5484F5427D29B4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109965112Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:51.659{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A65B77A8AC520E5773ED2125364B321C,SHA256=E4932A18E5168C3B1ECC71A252F36DE6E791EC5B56BB915D9E86385BDB6B14D0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109965114Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:52.831{3BF36828-98AB-6185-F600-00000000CC01}5748NT 
AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C697BA4BA18A108356B56CC28D173D74,SHA256=D51FA52FDA5B969426DB3B994D4D42794C5C22313674504290BCF40C4146042A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916439Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:52.109{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72B2E65FC5EFBBB2F69778B47B72E729,SHA256=1D44A8A3EE3BA7CBC323E066DA0B71F10F1475ECB5AA824CAEE34222F6B85332,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000056916441Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:44.051{B81B27B7-2350-6193-6B00-00000000CB01}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local49966-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000056916440Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:53.126{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06849C72721EADC983FD23905D95BA5E,SHA256=62DA3E7484BCDA7C49ECBDB80675E17378A0395DF73E1292A1D561A86CBD5FE7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000056916451Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 
03:30:54.404{B81B27B7-2344-6193-1700-00000000CB01}11761260C:\Windows\system32\svchost.exe{B81B27B7-2345-6193-2300-00000000CB01}2188C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916450Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:54.248{B81B27B7-2346-6193-3000-00000000CB01}32043224C:\Windows\system32\conhost.exe{B81B27B7-25EE-6193-1201-00000000CB01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916449Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 
03:30:54.248{B81B27B7-2344-6193-0D00-00000000CB01}760912C:\Windows\system32\svchost.exe{B81B27B7-2345-6193-2300-00000000CB01}2188C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916448Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:54.248{B81B27B7-2344-6193-0D00-00000000CB01}760912C:\Windows\system32\svchost.exe{B81B27B7-2345-6193-2300-00000000CB01}2188C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916447Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 
03:30:54.248{B81B27B7-2344-6193-0D00-00000000CB01}760912C:\Windows\system32\svchost.exe{B81B27B7-2345-6193-2300-00000000CB01}2188C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916446Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:54.248{B81B27B7-2344-6193-0D00-00000000CB01}760912C:\Windows\system32\svchost.exe{B81B27B7-2345-6193-2300-00000000CB01}2188C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916445Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 
03:30:54.248{B81B27B7-2343-6193-0500-00000000CB01}416780C:\Windows\system32\csrss.exe{B81B27B7-25EE-6193-1201-00000000CB01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000056916444Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:54.248{B81B27B7-2345-6193-2800-00000000CB01}22644024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-25EE-6193-1201-00000000CB01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000056916443Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:54.249{B81B27B7-25EE-6193-1201-00000000CB01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK 
driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-2343-6193-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{B81B27B7-2345-6193-2800-00000000CB01}2264C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000056916442Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:54.139{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37B1FC2C3391D5D1EB9C056A9E22AF43,SHA256=D6B677FC2C0E5A3378CE5C0273DBD426A35D3CC99A836B7CB5C5122D2E2EC945,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109965116Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:54.159{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1A2E130859109CAB27A9094D567C5639,SHA256=E4B087D1998A8215D1375FCC3203B95665190C7E1D65B8A4D000C912B317B829,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109965115Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:54.003{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9B901722D0000B51F825E18AC012F66,SHA256=D976AFD3BD38317A4E359CC02F7FA109BA0CD77FE539780622AE8B904D0B19A0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000056916471Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:55.970{B81B27B7-25EF-6193-1401-00000000CB01}56923836C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{B81B27B7-2345-6193-2800-00000000CB01}2264C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916470Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:55.814{B81B27B7-2346-6193-3000-00000000CB01}32043224C:\Windows\system32\conhost.exe{B81B27B7-25EF-6193-1401-00000000CB01}5692C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916469Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 
03:30:55.814{B81B27B7-2344-6193-0D00-00000000CB01}760912C:\Windows\system32\svchost.exe{B81B27B7-2345-6193-2300-00000000CB01}2188C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916468Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:55.814{B81B27B7-2344-6193-0D00-00000000CB01}760912C:\Windows\system32\svchost.exe{B81B27B7-2345-6193-2300-00000000CB01}2188C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916467Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 
03:30:55.814{B81B27B7-2344-6193-0D00-00000000CB01}760912C:\Windows\system32\svchost.exe{B81B27B7-2345-6193-2300-00000000CB01}2188C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916466Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:55.814{B81B27B7-2344-6193-0D00-00000000CB01}760912C:\Windows\system32\svchost.exe{B81B27B7-2345-6193-2300-00000000CB01}2188C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916465Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 
03:30:55.814{B81B27B7-2343-6193-0500-00000000CB01}416536C:\Windows\system32\csrss.exe{B81B27B7-25EF-6193-1401-00000000CB01}5692C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000056916464Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:55.814{B81B27B7-2345-6193-2800-00000000CB01}22644024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-25EF-6193-1401-00000000CB01}5692C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000056916463Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:55.815{B81B27B7-25EF-6193-1401-00000000CB01}5692C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-2343-6193-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{B81B27B7-2345-6193-2800-00000000CB01}2264C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000056916462Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:55.251{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2A766AA87E7BA8C5D0BC042B2D2EDE36,SHA256=BEF77AB33287132CF0CC0C452C3C56B583BBE01347FFD729E99DCD0657A32F09,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916461Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:55.251{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=59D66A8D638664160DED81323F20D826,SHA256=B3BA5C28167955D07B1D9DBDBE00E1AE13E5265D9E7861B21A15E69DAAAB8B41,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916460Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:55.236{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA03E9B986A75BA868A41823192F7E4E,SHA256=2E7640F4FB129542CF9233E9DC932BF8D85B584D979F733C1FDE41B0F3FCDDA4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109965119Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:55.706{3BF36828-9799-6185-1100-00000000CC01}424NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=1C0E79EA317B982615636431E1118D9B,SHA256=F6B3EADF03F34915E792FF73164D9AA7DDCCC9AC42AF09A9F2DC18CE65D92C47,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000109965118Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:31:07.360{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local58658-false10.0.1.12-8000- 23542300x8000000000000000109965117Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:55.097{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CF0AFBF7A253F31DD24BFD18645DDB1,SHA256=106B089F7AF048CA547726EC90B8E292B4EE5DF1B8F09D54E0D6DC04DE2DB394,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000056916459Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:55.142{B81B27B7-2346-6193-3000-00000000CB01}32043224C:\Windows\system32\conhost.exe{B81B27B7-25EF-6193-1301-00000000CB01}3396C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916458Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:55.142{B81B27B7-2344-6193-0D00-00000000CB01}760912C:\Windows\system32\svchost.exe{B81B27B7-2345-6193-2300-00000000CB01}2188C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916457Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 
03:30:55.142{B81B27B7-2344-6193-0D00-00000000CB01}760912C:\Windows\system32\svchost.exe{B81B27B7-2345-6193-2300-00000000CB01}2188C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916456Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:55.142{B81B27B7-2344-6193-0D00-00000000CB01}760912C:\Windows\system32\svchost.exe{B81B27B7-2345-6193-2300-00000000CB01}2188C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916455Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 
03:30:55.142{B81B27B7-2344-6193-0D00-00000000CB01}760912C:\Windows\system32\svchost.exe{B81B27B7-2345-6193-2300-00000000CB01}2188C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916454Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:55.142{B81B27B7-2343-6193-0500-00000000CB01}416432C:\Windows\system32\csrss.exe{B81B27B7-25EF-6193-1301-00000000CB01}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000056916453Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:55.142{B81B27B7-2345-6193-2800-00000000CB01}22644024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-25EF-6193-1301-00000000CB01}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000056916452Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:55.143{B81B27B7-25EF-6193-1301-00000000CB01}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-2343-6193-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{B81B27B7-2345-6193-2800-00000000CB01}2264C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000056916473Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:56.314{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2A766AA87E7BA8C5D0BC042B2D2EDE36,SHA256=BEF77AB33287132CF0CC0C452C3C56B583BBE01347FFD729E99DCD0657A32F09,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000056916472Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:56.236{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB7DFD2B6690F020A1ACC366B6F2F8CE,SHA256=EBE71BF832412ABA68C084FDFFDF3BC3DB2643A25E53ED879A6A1088BAD4A526,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109965120Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:30:56.112{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07A28E2CA2A4E01FF90654564DFD512A,SHA256=01126A07BB04E2D7D6B59C78A0171736408C749D83AA24404B71B596F77B02DC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000056916482Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:57.532{B81B27B7-2346-6193-3000-00000000CB01}32043224C:\Windows\system32\conhost.exe{B81B27B7-25F1-6193-1501-00000000CB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916481Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 
03:30:57.532{B81B27B7-2344-6193-0D00-00000000CB01}760912C:\Windows\system32\svchost.exe{B81B27B7-2345-6193-2300-00000000CB01}2188C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916480Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:57.532{B81B27B7-2344-6193-0D00-00000000CB01}760912C:\Windows\system32\svchost.exe{B81B27B7-2345-6193-2300-00000000CB01}2188C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916479Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 
03:30:57.532{B81B27B7-2344-6193-0D00-00000000CB01}760912C:\Windows\system32\svchost.exe{B81B27B7-2345-6193-2300-00000000CB01}2188C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000056916478Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:30:57.532{B81B27B7-2343-6193-0500-00000000CB01}416432C:\Windows\system32\csrss.exe{B81B27B7-25F1-6193-1501-00000000CB01}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000056916477Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 
AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89C2B85AAA36D29ED9C34448057E1DD9,SHA256=8EA16125D3FAECD5CEECBF68C37C94BFEE70C3EAB6726BDDC7FEC4210713E3D2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109965137Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:31:05.222{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=136C9BAD2B2441D49A0B1E7B7087A6C2,SHA256=7C6DF7738D08AD20303742CCD952AD70A0840B6B41F4F4B47BE197321E2A845D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916524Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:06.720{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84B78CDF30A431B16E3EE9580FFFE0F8,SHA256=DFC05678FFE4BB867B1CC22E11523C3E9D048C5835EC5F3E9C5EDF686FECF78E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109965138Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:31:06.237{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF0411450FCE766AF636088921B7979B,SHA256=47B87FB6D57973736C96C8D1A8A7BE53354799498ADDA5F62F78ADB0383B286E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916523Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:06.689{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Windows\setupact.logMD5=E30E2753F7C87BBAB6314EEB520F0E45,SHA256=C51F45D8A76F1884E4C55D8EF93FECE0EF531F0D0A5EDB2733024CCFABF263B1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916525Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:07.736{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA552C26F2304ADD2E5BE3F2F3A96DFB,SHA256=A872CF9844D4EA27B455CC78D8FE1C318925C7CDF1DE6F878A8BA45A0473DBA2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109965139Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:31:07.331{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B54031DF94F6FD038FE735A68DE048D,SHA256=B924940FC1A01C46BE2DB0DB6993B506399184CFD879C1AF205D33D3B50802BC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916526Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:08.871{B81B27B7-2357-6193-8800-00000000CB01}5124NT 
AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FF7E47F3D01C25827A94E382A069EC1,SHA256=CE1831BA86C83591BFE14FBAC525365DF2A8C9C79ACA7EC03A01A5614F0BCE26,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109965140Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:31:08.515{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18FC13FDDCA9CBD3B2FDE73BC002AC9C,SHA256=82E4CFB04BA5FAEB87D9D3BA613C1890102756F81E02DC7B3891AD73EFFD38DF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916528Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:09.886{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D61E548867D0610BF17774BEC91A56CF,SHA256=6C399233EA6752C24666687FECA8D3D026E399A95EC1AE5DB3D9886C1DBF40AB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109965143Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:31:09.528{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=345585F4DAC41A89FBF5BB626BA43D6C,SHA256=109DE9F331AF439D37259633B02B86A5479D252D0EA69EF009416D760C66F4B3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000056916527Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:00.051{B81B27B7-2350-6193-6B00-00000000CB01}3928C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local49969-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000109965142Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:31:09.419{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1CC314632B986A6904ECAC9836979834,SHA256=0DCBEB4045100BE3E91D1DA7DD283FCEAA6279A87238F151680D6F930E1CA455,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000109965141Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:31:09.419{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EB8867EDE896F18696B53592136AC92C,SHA256=0C0229DA636BABC89DA57843DDFE3F221726466AC113C25D5E667AB6C69CADC7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916529Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:10.902{B81B27B7-2357-6193-8800-00000000CB01}5124NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9400389EA8432B9909B10705E2C72F0D,SHA256=35AD24FF20FEB81C99E7CFCF319224CC39D65BA52AFCF560A30244DB91C26F77,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000109965145Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:31:23.307{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local58662-false10.0.1.12-8000- 23542300x8000000000000000109965144Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:31:10.657{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FADB4A8CE0A5BD3B53650AD645531828,SHA256=11306ED9FE220D97A32A5C50A5CB7BEAC57C1EA9774B4E1D51D00087DC1E150F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000056916667Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.996{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\OSProvider.dllMD5=4868187A2F176074DB7F35E356F74D4F,SHA256=84C8C4C67C808871A278254304D985533F67D44391840F43674FC829014E1B60,IMPHASH=82A4D833A82D441391A9AA3027199337truefalse - insufficient disk space 23542300x800000000000000056916666Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 
03:31:11.980{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\OfflineSetupProvider.dllMD5=86B7E8438B1125C479FD275B1BDDB9A7,SHA256=47FAF8671B25A30D7BCC47AD35926D70DB633A181FA6C276479B4408A526E63E,IMPHASH=B8B4A188EFC4F12D33591C6D319B6F12truefalse - insufficient disk space 23542300x800000000000000056916665Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.980{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\MsiProvider.dllMD5=EA19239A85416A488360FA564D312402,SHA256=F21591336CD1A24EE941827620405FA34414C1C349216B4B8083ECD1FFF17C29,IMPHASH=33E1132923056DDEFB0521726DA5B987truefalse - insufficient disk space 23542300x800000000000000056916664Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.980{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\LogProvider.dllMD5=F7DB4F104DBB56DF5A156E7329E80112,SHA256=7C67EFAF44D1413576B4575B1A4C975BCB10B64BEF13E6756E895D4DB9E61AA2,IMPHASH=FB695172E8A76C56E97CE435F8ED0220truefalse - insufficient disk space 23542300x800000000000000056916663Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.980{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\IntlProvider.dllMD5=0082903881275179642AE83EFA720310,SHA256=7CCF1625E6FBE4DB16F12AC037E4236A3EF269DEE47A157C68374C867941F9E8,IMPHASH=CFB81BC5FF922F23D605A653700FE666truefalse - insufficient disk space 23542300x800000000000000056916662Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 
03:31:11.980{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\ImagingProvider.dllMD5=EEB4AA36BAD26A2C6216A1FF3439B58C,SHA256=44A6679425039DC870C297294C4B3323F6FA9DE5C7D16D7D0AB7E1254AFC75D3,IMPHASH=0264D9B4BFE54732ADF0E29BC73BF280truefalse - insufficient disk space 23542300x800000000000000056916661Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.964{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\IBSProvider.dllMD5=11DE34FCDB75E79A920D3B491F3E7BF0,SHA256=6B7C7AD8B1AD522B27B2CC5E4F76F56ADE4495D7D46CE4F997A68954F072AF17,IMPHASH=C755896FA14213058E34639A28868FBCtruefalse - insufficient disk space 23542300x800000000000000056916660Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.964{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\GenericProvider.dllMD5=397ED660129D40927A27B75A4B8FAE2E,SHA256=EAFCECFE911DABB4531E1331DDF2E119DCBB6B7A887D70BDE737EA76BE10EB74,IMPHASH=F55EE75573C110804DE5E50ACEEC1B06truefalse - insufficient disk space 23542300x800000000000000056916659Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.964{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\FolderProvider.dllMD5=6428B4D0C26DB23E9478F039891CD5C9,SHA256=55126BB099785C2F9CD32A30991082C47D62C8231D570A9D8A6F3CC599B25EE1,IMPHASH=B2CC5EDD42A866F7CB6CAE42DB969187truefalse - insufficient disk space 23542300x800000000000000056916658Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 
03:31:11.964{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\FfuProvider.dllMD5=E27BC7F808E72F08372BA3C40B4B6344,SHA256=927B194432046C0D2ADF7C7B71E4BE85602C4D00A5D6EDA9F9DB9924E1C3447A,IMPHASH=8580AF5C1871319D05329DB2E96A8146truefalse - insufficient disk space 23542300x800000000000000056916657Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.964{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\WimProvider.dll.muiMD5=CC3B15540DDB521A300BAFF0BF4F902E,SHA256=33C06CC037DF1EBB72A15BCC2E09BC89DFEF7DD94441C650FD3D0C833122002A,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 23542300x800000000000000056916656Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.964{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\VhdProvider.dll.muiMD5=10536C56F02E68EBD13D0B2CE8665C6A,SHA256=06C3B71D251A8DD47D02EDBFBE84E0B6B1D67956DE4D3996031434CBAD728929,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 23542300x800000000000000056916655Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.964{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\UnattendProvider.dll.muiMD5=B7E3676672BE6851EA13ADD879C2945E,SHA256=2D2D82EE842CD346B58DCAFAE6FEC46D491E0D15CFBE0D8964A4AB7F18C5AAB9,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 
23542300x800000000000000056916654Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.964{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\TransmogProvider.dll.muiMD5=D5D596B1102DA565C2ED1FAAC170E758,SHA256=B5DBB36E947FD64AAF22C53F0A9634C7D72D4CC270C055B67E020920BF806909,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 23542300x800000000000000056916653Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.964{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\SmiProvider.dll.muiMD5=CAD746ED5AF63E7FC49ED4A5A3984629,SHA256=016C6071B04E6D7E12AD9B8A85C002320331E01ED62922C573A1AC43BA0DD919,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 23542300x800000000000000056916652Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.964{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\ProvProvider.dll.muiMD5=70AFEC86B6CF677BF8D3C713CA3281FB,SHA256=C8579EC95A51EB663FFC6145F0998C2F1930A6B8146C84C0A9094BCA4E5195A7,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 23542300x800000000000000056916651Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.964{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\OSProvider.dll.muiMD5=A464DFEDEA8520616AA9B2ACD166A77F,SHA256=54E985CFF256CEBE82E9EF3E814A5FDA9FF730BCB50265E9BA78DE65A4DE3F42,IMPHASH=00000000000000000000000000000000truefalse 
- insufficient disk space 23542300x800000000000000056916650Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.964{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\OfflineSetupProvider.dll.muiMD5=CED788DBD9D13D0490B2F642B0B051F6,SHA256=D5DBC0A52B598800EE14569859383525950B865F4816E47E2E73F79AA1C32A09,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 23542300x800000000000000056916649Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.964{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\MsiProvider.dll.muiMD5=5AE9ABD6BB469F3AD7B3A4CCD40974BF,SHA256=C2CE66F2F218890AA76F8BAB68B4C0FDCED0688E694F912F3A5BFABFA6CDB5E7,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 23542300x800000000000000056916648Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.949{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\LogProvider.dll.muiMD5=0D4519BC8EB58A006E4A5EB993C0DCCF,SHA256=DAFFE67521F9B4657FBFEF9585234CB39293F9B866C0D97D66F675037515BB51,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 23542300x800000000000000056916647Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 
03:31:11.949{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\IntlProvider.dll.muiMD5=16ACB74928BC55FD4AAC316F3B92E1D7,SHA256=17CB486CADB679C75A27BA6C76E2FE714F4B8DA845E6F795759517D6734F0BC9,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 23542300x800000000000000056916646Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.949{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\ImagingProvider.dll.muiMD5=26F5BBF8D6EE90B4F47C18E93D1087FB,SHA256=F41738FEF7140176447ECF371B1117A485E48BA6F3E9AFAA8C4F883ABFAE62DA,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 23542300x800000000000000056916645Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.949{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\IBSProvider.dll.muiMD5=0B09FE334215A8E736B2CF08A50D5204,SHA256=DCE9AD3B79F91BEBEDDFCD9E03F1557CB7C6114AC906081E9E046F807093CDF1,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 23542300x800000000000000056916644Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.949{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\GenericProvider.dll.muiMD5=956B8B45B92321C0D5975EE9A6C5B773,SHA256=578541D71466CF61EF399023B34EDFCBD915142BE856534AD4D17D25E7CC9F3D,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 
23542300x800000000000000056916643Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.949{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\FolderProvider.dll.muiMD5=DC4E4C2800DC6D98F7893044A21D246B,SHA256=8B4CE62F4E4294E701193C7AE393EB5EB29AA45932D376CB1A03728A140096AE,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 23542300x800000000000000056916642Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.949{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\FfuProvider.dll.muiMD5=5ECAD70AC2B3A95CBB42D6FE67D2F726,SHA256=C210389DBB9B7B4A802E4B0C3C708B6F55B086564A01E19CFB183B6AF916C30A,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 23542300x800000000000000056916641Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.949{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\DmiProvider.dll.muiMD5=38C2A1560C340537C3AE0CE04BDF7EAA,SHA256=52B06DFD85FB5AB1DCE2BE665CA144B1AE6658F518D1623D9B44C347C482B064,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 23542300x800000000000000056916640Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.949{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\DismProv.dll.muiMD5=BD7B77B3EE9A12FF3F5446ECDF80B5C6,SHA256=B972A0B2C4682E9074441B481BD886DE19B8DB3DBA401B88E980B154C14D5A7E,IMPHASH=00000000000000000000000000000000truefalse - 
insufficient disk space 23542300x800000000000000056916639Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.949{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\DismCore.dll.muiMD5=C901FF639EDFBBE710D6E5882F07CD24,SHA256=9BDA61D23DC50F9AFA82DA94B06B7B9C8229D5ED666D2F5270DAE13100815C27,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 23542300x800000000000000056916638Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.949{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\CompatProvider.dll.muiMD5=A2A344CB32B6835744A36D877C952665,SHA256=A74D765B796638A921C4810D1712A08F7A37C9BA9E91F4DFDCB9727611C3D18D,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 23542300x800000000000000056916637Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 03:31:11.949{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\REED_SCHMIDTC:\Windows\system32\cleanmgr.exeC:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\en-US\CbsProvider.dll.muiMD5=179B34BE97A383AF3E757031E7DA964B,SHA256=ABD3824664D1336EE849D89BA178606CC1B1E23E173752D8093F34A5580FA8F4,IMPHASH=00000000000000000000000000000000truefalse - insufficient disk space 23542300x800000000000000056916636Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 
Sysmon Event ID 23 (FileDelete) records, channel Microsoft-Windows-Sysmon/Operational. Every record in this section carries the same fixed event header (EventID 23, Version 5, Level 4, Task 23, Opcode 0, Keywords 0x8000000000000000) and RuleName "-", so those fields are listed once here rather than on every row.

Process deleting the files: Image C:\Windows\system32\cleanmgr.exe, ProcessId 2848, ProcessGuid {B81B27B7-25A9-6193-F500-00000000CB01}, User ATTACKRANGE\REED_SCHMIDT, Computer win-host-987.attackrange.local
TargetFilename directory for every cleanmgr.exe row: C:\Users\REED_S~1\AppData\Local\Temp\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\

EventRecordID | UtcTime | TargetFilename (within that directory) | MD5 | SHA256 | IMPHASH | IsExecutable | Archived
(record header precedes this section) | 2021-11-16 03:31:11.949 | en-US\AssocProvider.dll.mui | 386FE7AC95738A0CB6D25DEA662991F1 | 22DC7317108A528BA92C853330598F628B93FFF27CAC34C2F501B806A75261D9 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916635 | 2021-11-16 03:31:11.949 | en-US\AppxProvider.dll.mui | 9FF5081115C2C21D9F85AF7EE6D2CC63 | 107B10A8C1426F1C0D703F06832D740A4CFDCAA596FA0EA147A32A736A7A2A4D | 00000000000000000000000000000000 | true | false - insufficient disk space
56916634 | 2021-11-16 03:31:11.949 | DmiProvider.dll | FC76385FF00D4A93618D842B41716D8D | BBD49A49CFFA8411FFA91B02541F5F3B5333FD9055BC129DDD3B36EB005C34D9 | 062B279D8ED4374A0CD0C84620F4BE4E | true | false - insufficient disk space
56916633 | 2021-11-16 03:31:11.949 | DismProv.dll | 8C7D97E22045AE402EA896F514CEED81 | 76D3202E11BA22D277532A14CAE60E596975C0D8C34C7BE154F453EB1F7C37EF | 0247CB1C8FD55E43A448E359883057DB | true | false - insufficient disk space
56916632 | 2021-11-16 03:31:11.933 | DismHost.exe | A59C22B77871CC18970038B7FA43826F | CB84B51713BAD689ABB96560E57A71B276D4B28B1C09C7116EE85F5782A1B144 | 734010D3430DBD2CA51B599924FE1424 | true | false - insufficient disk space
56916631 | 2021-11-16 03:31:11.933 | DismCorePS.dll | FB88731B484D1FF4AFF5DB75A20799FA | EA155388211E0C3CEF2C99BD5F341C9F93F1ECDA6F21096DB6F9DB2110686A52 | 65E10DCEA11F7117C161DC7557B87689 | true | false - insufficient disk space
56916630 | 2021-11-16 03:31:11.933 | DismCore.dll | F1AB58CACD95921A04225222D03CDEA0 | EDE89F377FD46F95639413411CDA072D9FF63E72A399B26AB4870094F145091B | B7B56C790C8AB7134B0680D8DFE46658 | true | false - insufficient disk space
56916629 | 2021-11-16 03:31:11.933 | CompatProvider.dll | E5C1D020198EBEC1D5ABA640C9A600D0 | A80FD2846E05AB491BDAAFCE8854A04549A852066B82B90D757D9B6A44ADA8C8 | 2CDD615C09EED7B572606B2A0C0EFD2F | true | false - insufficient disk space
56916628 | 2021-11-16 03:31:11.933 | CbsProvider.dll | D4A64C7C50D0C6BE9F8770177E2264BF | E6505F9DBE17DF9E7E52B5FE1720E1F6482B25D262A47A320CF438C5FD5A5797 | 99D5DC4FF67AB12670853DD4E32E8358 | true | false - insufficient disk space
56916627 | 2021-11-16 03:31:11.917 | AssocProvider.dll | 56CB83B3454882509791FBA62832BC87 | 5B01524CC03B6EB58CC9E0FF479014EAF89EE7FDE2791BFF871BC90274D200AC | 83F73507B4613B09C6FA825535D8A81E | true | false - insufficient disk space
56916626 | 2021-11-16 03:31:11.917 | AppxProvider.dll | 8F6792DF9EC54934B76A68B1D7B66ECA | E57CB2D5CEC5E1354F4E31CD08ADA02FCAA0E2DEA4B28C8F61683BFA3E875C05 | F1558CACACA712554EBD5926B4B3FE52 | true | false - insufficient disk space

Interleaved record from the domain controller (same fixed event header and RuleName "-"):

EventRecordID 109965146 | UtcTime 2021-11-16 03:31:11.672 | Computer win-dc-128.attackrange.local | ProcessGuid {3BF36828-98AB-6185-F600-00000000CC01} | ProcessId 5748 | User NT AUTHORITY\SYSTEM | Image C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | TargetFilename C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | MD5 51B36472945479FED09F47FC890D0A76 | SHA256 DBDD86638F656D560566337D177D5EB335B596215B214F8E8C95923437A70BDC | IMPHASH 00000000000000000000000000000000 | IsExecutable false | Archived false - insufficient disk space

cleanmgr.exe deletions, continued (same process, user, host and directory as above):

EventRecordID | UtcTime | TargetFilename (within that directory) | MD5 | SHA256 | IMPHASH | IsExecutable | Archived
56916625 | 2021-11-16 03:31:11.886 | api-ms-win-service-winsvc-l1-1-0.dll | 09934F0F7227B9489D117C26EC20CD14 | CBE408A0AFF90986A6A7DDF022F96302B4FADD08A0C3C166CAC7A64D6ABF041D | 00000000000000000000000000000000 | true | false - insufficient disk space
56916624 | 2021-11-16 03:31:11.886 | api-ms-win-service-private-l1-1-1.dll | 484ED248F1A72C6E4E6F6C3F5A3339ED | 00E14515FE6FEBBF3C2CFC89A6F1A3D6F48B3E7A5EB08D50DADF69CE3F34CC47 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916623 | 2021-11-16 03:31:11.886 | api-ms-win-service-private-l1-1-0.dll | FEBE55EA884F3C1EE45ADE2734AA6BE6 | CD51DF334A600117133C9C8100DDE766D980456988FD333A40BE5A81C8092340 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916622 | 2021-11-16 03:31:11.886 | api-ms-win-service-management-l2-1-0.dll | 0D45D811001E0A7683A2B7CA8A883874 | F44E2A85D7507159AE115C85C3497C57BE4ECB2D6ADDB30A534110266D56F92F | 00000000000000000000000000000000 | true | false - insufficient disk space
56916621 | 2021-11-16 03:31:11.886 | api-ms-win-service-management-l1-1-0.dll | C36912B3A28B06F5BB24FE9BE49DA4D3 | D737A832C0D595E8E52846C2D748B911D7155E372F43FBB10513CFDE0BBF83B7 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916620 | 2021-11-16 03:31:11.886 | api-ms-win-service-core-l1-1-1.dll | A86D518BCF3970C17A1768792FDF37FF | AB5CC1B14D6BB708B5C87C2622DA886E2119A6997E08108CCE36080385DAEE71 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916619 | 2021-11-16 03:31:11.886 | api-ms-win-service-core-l1-1-0.dll | A329C75641638E2FFA11087F614FD4C1 | 5071AA303D436407D195EF37889F018BE7E350DA5E690793587458D4C6D308DB | 00000000000000000000000000000000 | true | false - insufficient disk space
56916618 | 2021-11-16 03:31:11.886 | api-ms-win-security-sddl-l1-1-0.dll | C6C6C3E4D7CFA93246362901750A94D9 | 6E274ABE823EF8B30629A99D9F942794C9FE6D003021A0C5085B49A7D8611DDE | 00000000000000000000000000000000 | true | false - insufficient disk space
56916617 | 2021-11-16 03:31:11.886 | API-MS-Win-security-provider-L1-1-0.dll | 207B5716605CA4850629F3E2FFFA07BB | BE6E6284F69C76BE6366EA8D44D85BDBAB6A71DD42E8B5575CFDF671AD58DCA2 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916616 | 2021-11-16 03:31:11.886 | API-MS-Win-security-lsapolicy-l1-1-0.dll | FE7AD7265E296947172B8C491E8109D2 | 4D231AC65F0F54BFF45CACFFE7DF3109CF87F78D14960EC8F03654E605AC8ABF | 00000000000000000000000000000000 | true | false - insufficient disk space
56916615 | 2021-11-16 03:31:11.886 | API-MS-Win-Security-Lsalookup-L2-1-1.dll | EBD6475839F5C99FB8855A80E0FC2AF1 | F519C7AA6930DAC83A3045CEEE42F64F26FFC54254D5ABD1B0F7D99C47569A30 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916614 | 2021-11-16 03:31:11.886 | API-MS-Win-Security-Lsalookup-L2-1-0.dll | AC284A6251F5D26633AF48D918D09628 | F7A34B793AACF75DA4EAE843B6088C0BAAA8B835EA5F6A65E72EBD9A1479C8A8 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916613 | 2021-11-16 03:31:11.886 | api-ms-win-security-cryptoapi-l1-1-0.dll | DE0A49D4B2E9A5FA6762BD191C622B32 | AB12FEAF15CB313812B01AFE1198B62E72F7702D140830ABAD2CFB6251E82A7C | 00000000000000000000000000000000 | true | false - insufficient disk space
56916612 | 2021-11-16 03:31:11.886 | api-ms-win-security-base-l1-1-0.dll | DC4B661366FEAA4ED54FB1004D9E7A3D | B4018F8F249CE087DB46F61A0C2E947248A5B71576F511F0B3650433607BC663 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916611 | 2021-11-16 03:31:11.886 | API-MS-Win-EventLog-Legacy-L1-1-0.dll | B8B7B02C3C66638EC0BDF49BCF04A680 | 5D1103E89199731DFFF7BF89D7F6484C038D47CC04F730CD5233EDE488272E6A | 00000000000000000000000000000000 | true | false - insufficient disk space
56916610 | 2021-11-16 03:31:11.871 | API-MS-Win-Eventing-Provider-L1-1-0.dll | FEAA05CE6CCB92AA7B2A2C58C049891A | 31A4AE262E179DF4CA406E1AF90F651935657BB5FD990C675C67E37D5B834CFE | 00000000000000000000000000000000 | true | false - insufficient disk space
56916609 | 2021-11-16 03:31:11.871 | API-MS-Win-Eventing-Legacy-L1-1-0.dll | 88450242D5350529CC8E46FD9C3F3B7B | 312B6BFC89B551F2C4E8FEDAB316DBE01F190CD5E67091AAFB0E6F67616DC745 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916608 | 2021-11-16 03:31:11.871 | API-MS-Win-Eventing-Controller-L1-1-0.dll | 00A27A81EAAE90C9CED7063013877357 | DC4EE086FC046E1D7A291EA3B8B13E77B7A252B5C283B8F6C9CEC729070B7822 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916607 | 2021-11-16 03:31:11.871 | api-ms-win-eventing-consumer-l1-1-0.dll | 61958A4BE8F944BAFB29DF8009541FCD | 3B7CB5622BEAC7D633A84EE2F7336C8DE1D3D1AA10577D98020081AB67761FAD | 00000000000000000000000000000000 | true | false - insufficient disk space
56916606 | 2021-11-16 03:31:11.871 | API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll | 8500E093D6B36DF1AF271F6EB34227CA | 99E2CD36104D3EFD4DEC88AD0F4BED1FD1BBFA97CC4FB29DB7F7136290DD6B70 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916605 | 2021-11-16 03:31:11.871 | API-MS-Win-devices-config-L1-1-1.dll | 5A03B636125C21AB918D2CB04843DBA8 | C914CD6FE6C7B16533763BC789EDAF67D7A19C26514C927572051C4379C79FC0 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916604 | 2021-11-16 03:31:11.871 | API-MS-Win-devices-config-L1-1-0.dll | 0C61A8D9CF9BBF6D771BEF0FF4A43E23 | 66807B95E13944D52E9A7AA1F1A41E632FAA46F6B48F98451618DB3845622577 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916603 | 2021-11-16 03:31:11.871 | API-MS-Win-core-xstate-l2-1-0.dll | 56A386E38B637FCD96CED04CEFBCF8DE | A5BE1E3C71A3A5C8EEF4BFAD9D0BADC97BA47B2B9911CED4BD1B8F65BB8DCB77 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916602 | 2021-11-16 03:31:11.871 | api-ms-win-core-xstate-l1-1-0.dll | 6A982D13DDB295E59F90FF23EDD2E60F | 3617DBCADFE370463B4DBB91C1C6222923F16EC362DE29C2CA3AE4E72C9ABB64 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916601 | 2021-11-16 03:31:11.855 | api-ms-win-core-wow64-l1-1-0.dll | AE7573E1DC370B9A8FEBCC17A6C82FF8 | 59A473D1AD7C181C89AF00B966CD107F1846CDC526009C4807A1EAE3DCB3731D | 00000000000000000000000000000000 | true | false - insufficient disk space
56916600 | 2021-11-16 03:31:11.855 | api-ms-win-core-version-l1-1-0.dll | 5CB34501C2D784D31281FD526B0BB963 | E45B73AF0C35F05B01CADF6BD4F67C1497586F4C4F9A16F0448BA751E16C4596 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916599 | 2021-11-16 03:31:11.855 | api-ms-win-core-util-l1-1-0.dll | 212DA9E9AD6BB61A3554A4174BA558CF | 01291D3895EC5BB0E658F91FE1512AADCBB6D8F1154BC6023076554AFA05AC1D | 00000000000000000000000000000000 | true | false - insufficient disk space
56916598 | 2021-11-16 03:31:11.855 | api-ms-win-core-url-l1-1-0.dll | 198A08F8150D7575CC207CFFCF67D66C | 86F6DA0F1D075B7E1678DF71689948FEC334CFB10316FEB40E5107135548F9B4 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916597 | 2021-11-16 03:31:11.855 | api-ms-win-core-timezone-l1-1-0.dll | 4D7C132D9742FFA44248B1BBF32020FB | 58A65C1938DCDF64D2930B037E9D133A5ACDF46365835782869D3216D3CF2CED | 00000000000000000000000000000000 | true | false - insufficient disk space
56916596 | 2021-11-16 03:31:11.855 | api-ms-win-core-threadpool-private-l1-1-0.dll | A9BC53B62CD4B269B8385ADBE0AE808D | A30003AB0C020E433CC5296E7E150BB11820395D439062FF7FD6D7F449C4C5B3 | 00000000000000000000000000000000 | true | false - insufficient disk space
56916595 | 2021-11-16 03:31:11.855 | api-ms-win-core-threadpool-legacy-l1-1-0.dll | CAC86F4298EB2D239410B3338780DC34 | 1D99842180A612D63F1A8B137A9BF0375B7113AAB325916BA4781AB8A7B68E7D | 00000000000000000000000000000000 | true | false - insufficient disk space
56916594 | 2021-11-16 03:31:11.855 | api-ms-win-core-threadpool-l1-2-0.dll | D32DDF80AB3F1F96F431E5672DC1F387 | E2F0F0D46082ED40D042BCCD47F4E917707CF884672C5919116126914FAD4572 | 00000000000000000000000000000000 | true | false - insufficient disk space
23542300x8000000000000000 (next record truncated in the source; only its fixed event header survives)
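The export above has run every field of each Sysmon Event ID 23 record together with no delimiter, and wraps records across physical lines, so the dump cannot be searched field by field as it stands. As an added example that is not part of the original log dump or of Sysmon or Splunk, the following Python recovers the named fields from that flattened form, using the Windows event XML field order (EventID, Version, Level, Task, Opcode, Keywords, EventRecordID, Channel, Computer, RuleName, UtcTime, ProcessGuid, ProcessId, User, Image, TargetFilename, Hashes, IsExecutable, Archived) and the shape of each field (date, {GUID}, drive-letter path, MD5=/SHA256=/IMPHASH=) to find the boundaries. The two sample records are copied verbatim from this page, including the line wrap inside the timestamp and the truncated header at the very end; the function names and the triage filter are mine.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# One flattened Sysmon Event ID 23 (FileDelete) record. The fixed header "2354230" is
# EventID 23, Version 5, Level 4, Task 23, Opcode 0 run together; Keywords follows as
# 0x + 16 hex digits, then EventRecordID, Channel, Computer, RuleName ("-"), UtcTime,
# {ProcessGuid}, ProcessId, User, Image, TargetFilename, Hashes, IsExecutable, Archived.
RECORD_RE = re.compile(
    r"2354230(?P<keywords>0x[0-9A-Fa-f]{16})"
    r"(?P<record_id>\d+)"
    r"Microsoft-Windows-Sysmon/Operational"
    r"(?P<computer>.+?)"
    r"-"                                      # RuleName "-": no Sysmon rule name attached
    r"(?P<utc_time>\d{4}-\d{2}-\d{2}\s*\d{2}:\d{2}:\d{2}\.\d{3})"  # \s* tolerates a wrapped line
    r"\{(?P<process_guid>[0-9A-Fa-f-]+)\}"
    r"(?P<process_id>\d+)"
    r"(?P<user>.+?)"                          # DOMAIN\name; ends where the first drive-letter path begins
    r"(?P<image>[A-Za-z]:\\.+?)"              # deleting process; ends where the second path begins
    r"(?P<target>[A-Za-z]:\\.+?)"             # deleted file; ends at the hash list
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}),SHA256=(?P<sha256>[0-9A-Fa-f]{64}),IMPHASH=(?P<imphash>[0-9A-Fa-f]{32})"
    r"(?P<is_executable>true|false)"
    r"(?P<archived>true|false(?: - [A-Za-z ]+)?)"  # e.g. "false - insufficient disk space"
)

# A record starts wherever the fixed header is followed by a record ID and the channel name;
# a header with nothing after it (the truncated tail of the dump) is not a record start.
RECORD_START_RE = re.compile(r"(?=23542300x[0-9A-Fa-f]{16}\d+Microsoft-Windows-Sysmon/Operational)")

# Two records copied from the dump (constructed sample input; record 56916632 keeps the
# line wrap after its date exactly as exported, and the orphan header at the end is the
# truncated record the dump stops on).
SAMPLE = (
    "23542300x800000000000000056916632Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-16 \n"
    "03:31:11.933{B81B27B7-25A9-6193-F500-00000000CB01}2848ATTACKRANGE\\REED_SCHMIDTC:\\Windows\\system32\\cleanmgr.exe"
    "C:\\Users\\REED_S~1\\AppData\\Local\\Temp\\C225BADE-BEAF-4BA4-963B-48C82AD1F05A\\DismHost.exe"
    "MD5=A59C22B77871CC18970038B7FA43826F,SHA256=CB84B51713BAD689ABB96560E57A71B276D4B28B1C09C7116EE85F5782A1B144,"
    "IMPHASH=734010D3430DBD2CA51B599924FE1424truefalse - insufficient disk space "
    "23542300x8000000000000000109965146Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-16 03:31:11.672"
    "{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\\SYSTEMC:\\Program Files\\SplunkUniversalForwarder\\bin\\splunk-winevtlog.exe"
    "C:\\Program Files\\SplunkUniversalForwarder\\var\\lib\\splunk\\modinputs\\WinEventLog\\Microsoft-Windows-Sysmon_Operational"
    "MD5=51B36472945479FED09F47FC890D0A76,SHA256=DBDD86638F656D560566337D177D5EB335B596215B214F8E8C95923437A70BDC,"
    "IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space "
    "23542300x8000000000000000\n"
)


def split_records(text: str) -> List[str]:
    """Join the physical lines (records wrap mid-field) and cut the stream at record starts."""
    joined = text.replace("\n", "")
    return [part for part in RECORD_START_RE.split(joined) if part.strip()]


def parse_record(raw: str) -> Optional[Dict[str, str]]:
    """Named fields of one flattened record, or None when it is truncated or not Event 23."""
    m = RECORD_RE.match(raw)
    if m is None:
        return None
    rec = m.groupdict()
    rec["archived"] = rec["archived"].strip()
    return rec


def parse_dump(text: str) -> List[Dict[str, str]]:
    return [rec for rec in map(parse_record, split_records(text)) if rec is not None]


def executable_deletes_in_user_temp(records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Deleted executables under a user's AppData\\Local\\Temp: the rows worth triaging first."""
    return [
        rec for rec in records
        if rec["is_executable"] == "true" and "\\appdata\\local\\temp\\" in rec["target"].lower()
    ]


def deletes_by_image(records: List[Dict[str, str]]) -> Counter:
    """How many deletions each process image accounts for."""
    return Counter(rec["image"] for rec in records)


if __name__ == "__main__":
    records = parse_dump(SAMPLE)
    for rec in records:
        print(rec["record_id"], rec["computer"], rec["image"], "->", rec["target"], "|", rec["archived"])
    for rec in executable_deletes_in_user_temp(records):
        print("executable deleted from user Temp:", rec["target"], "SHA256", rec["sha256"])
    print(deletes_by_image(records))
```

Two points the parsed fields make visible that the flattened text hides. First, every record here has Archived = "false - insufficient disk space", so Sysmon kept no copy of the deleted files; the hashes in the record are the only artifact left to check against a known-good source. Second, the cleanmgr.exe rows are what Disk Cleanup's own cleanup of the DISM host and provider DLLs it unpacked into a GUID-named Temp directory looks like, so a detection that fires on "executable deleted from a user's Temp directory" has to key on the deleting Image and on hash provenance of the files, not on the path alone, before it earns an alert.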